Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)

Martin Thomson <> Wed, 29 April 2020 23:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 61C2C3A0AA2 for <>; Wed, 29 Apr 2020 16:56:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.482
X-Spam-Status: No, score=-1.482 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id X-qTwiHB_nZh for <>; Wed, 29 Apr 2020 16:56:03 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B894A3A0AA1 for <>; Wed, 29 Apr 2020 16:56:03 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D8BE42C19E3 for <>; Wed, 29 Apr 2020 16:56:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1588204562; bh=NeIYUdmRRBbYMiqgtmbkcAdw33nE/cDwDp/iLUaD1pU=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=AOdDb05ZyujtHFOpwDmcEabnp7CKWq1IEsxCydAqOn0idtfCn14aQyb3KnQASXP0l Mnn20uDoNikHGkjYsVsNBsfMFxssaXY0xA9oS+wiOjCPLm5XpIFFlgnRk7B6yudlOT K2m4LZ3gSKqfLl4mimzXDRLzOYNCmQjHQeps+4oY=
Date: Wed, 29 Apr 2020 16:56:02 -0700
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3499/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Authenticate connection IDs (#3499)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5eaa1412c7f57_6f1d3fd0d9acd96c270c2"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 Apr 2020 23:56:05 -0000

@martinthomson commented on this pull request.

> +treat any of the following as a connection error of type PROTOCOL_VIOLATION:
+* absence of the initial_connection_id transport parameter from either
+  endpoint,
+* absence of the original_connection_id transport parameter from the server,
+* absence of the retry_connection_id transport parameter from the server after
+  receiving a Retry packet,
+* presence of the retry_connection_id transport parameter when no Retry packet
+  was received, or
+* a mismatch between values received from a peer in these transport parameters
+  and the value sent in the corresponding Destination Connection ID fields of
+  Initial packets.

> the client will then use this value as its DCID for the next Initial

Yeah, that was my thought.  The Retry.SCID thing is a choice people are free to use, but that doesn't need to be written down.  This way is simpler.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: