Re: [quicwg/base-drafts] Backoff on CONNECTION_CLOSE (#3157)

ianswett <> Tue, 29 October 2019 00:24 UTC

ianswett commented on this pull request.

> +closing state.
+During the closing period, an endpoint that sends a CONNECTION_CLOSE frame
+SHOULD respond to any incoming packet that can be decrypted with another packet
+containing a CONNECTION_CLOSE frame.  Such an endpoint SHOULD limit the number
+of packets it generates containing a CONNECTION_CLOSE frame.  For instance, an
+endpoint could progressively increase the number of packets that it receives
+before sending additional packets or increase the time between packets.
+An endpoint is allowed to drop the packet protection keys when entering the
+closing period ({{draining}}).  However, an endpoint without the packet
+protection keys cannot identify and discard invalid packets.  To avoid creating
+an unwitting amplification attack, such endpoints MUST reduce the frequency with
+which it sends packets containing a CONNECTION_CLOSE frame.
+To minimize the state that an endpoint maintains for a closing connection,
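
Review bot: The MUST in the paragraph on dropped packet protection keys ("such endpoints MUST reduce the frequency with which it sends packets containing a CONNECTION_CLOSE frame") gives no baseline or bound, so an implementation cannot tell whether it complies. The preceding paragraph only says SHOULD limit, yet it is the one that names concrete options (respond after a progressively larger number of received packets, or increase the time between packets). Suggest tying the MUST to those same mechanisms or stating a limit, since this is the case where the endpoint cannot identify and discard invalid packets and any such packet could otherwise prompt a response. The sentence also mixes number: "such endpoints ... it sends" should read "they send".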

I think it makes sense to make this part of the preceding paragraph, since it pertains to cases when the keys are dropped?
