Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)

mirjak <> Fri, 25 October 2019 14:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EB776120123 for <>; Fri, 25 Oct 2019 07:21:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.454
X-Spam-Status: No, score=-6.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QxT8JOgJp3mW for <>; Fri, 25 Oct 2019 07:21:19 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5567C120122 for <>; Fri, 25 Oct 2019 07:21:19 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 536BC2C329D for <>; Fri, 25 Oct 2019 07:21:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1572013278; bh=NSncccbjdPe/4UQMScwCdsq5tgI2QwL0C44i+MUuk2Y=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Gqza7ZRTsyV8K2B/aAeJ2jh4duEr2xNGU1CZ2+9AgNxhxJ5v3+I1zWIvOR7dLMS/M 23UIAEO7C3Iyw5GFmV6+9Bj41GIhlfeSKBn2Gu1ARX/8wEg4y4v1BsT83jho1sh3sr FcuqtPijKDx/S97jflffLznRMVMnL/B2MfEJqSIc=
Date: Fri, 25 Oct 2019 07:21:18 -0700
From: mirjak <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5db304de446c4_4ea53ffd7cecd95c10757f"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: mirjak
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Oct 2019 14:21:21 -0000

I just had a quick read, and this looks fine (maybe there is an option to remove some redundancy but not sure). However, I would have expected that this would also talk about likability. Or do we already cover hat somewhere else? More generally I think it would be helpful to add some text at the beginning to not only define the attackers capabilities but also its intention, so the (goal of) the attack itself.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: