Re: [quicwg/base-drafts] Immediately close with INVALID_TOKEN (#3107)

Kazuho Oku <> Fri, 01 November 2019 11:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 79FCD12010E for <>; Fri, 1 Nov 2019 04:51:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cV319qSjYF-j for <>; Fri, 1 Nov 2019 04:51:33 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DCB9B120834 for <>; Fri, 1 Nov 2019 04:51:32 -0700 (PDT)
Date: Fri, 01 Nov 2019 04:51:31 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572609092; bh=d0LZS4iwFBoUXN57ckoQItm8gaxQ4/fE1dzk2HK5x24=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=z+gPmW2Y+30aaj1L6w1b95KgSMnvWI/kewCIKL5lmHP38R/EGY5bGdvXc+c6HyzVl nANzEDTGNP/szFa+bTos32ZKvYAENOJcl1if1yJA1cjI6T+ts9YTXwevDlhD9jgZOT mWUj8jahBUY4BbQiz24spLKNWoJecuwqMzeAOtLI=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3107/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Immediately close with INVALID_TOKEN (#3107)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dbc1c43f0c8f_4fdd3fe8a80cd96c2790cb"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Nov 2019 11:51:35 -0000

kazuho approved this pull request.

LGTM. I have one editorial suggestion.

> @@ -1641,6 +1641,13 @@ of connection establishment.  By giving the client a different connection ID to
 use, a server can cause the connection to be routed to a server instance with
 more resources available for new connections.
+If a server receives a client Initial with an invalid Retry token,
+it knows the client will not accept another Retry token.  It can either

Let me retract my [comment above]( We do not need to care about the packet becoming corrupt on the wire, because the prerequisite for responding with a CONNECTION_CLOSE is that the Initial that has been received can be unprotected.

To avoid confusion, maybe change "If a server receives a client Initial with an invalid Retry token" to "If a server receives a client Initial that can be unprotected but contains an invalid Retry token"?

> The client could also connect to an unexpected endpoint or the token could have expired.

I'd say that that's a failure in the server deployment. We do not discuss how that should be handled.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: