Re: [quicwg/base-drafts] How to reject a connection attempt (#3690)

Marten Seemann <> Mon, 25 May 2020 04:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 64BB63A0B4C for <>; Sun, 24 May 2020 21:52:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.555
X-Spam-Status: No, score=-1.555 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id a-W25BlvTsxo for <>; Sun, 24 May 2020 21:52:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3F9CC3A0B48 for <>; Sun, 24 May 2020 21:52:47 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B51398C0B76 for <>; Sun, 24 May 2020 21:52:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1590382365; bh=Ws1TyUPBzzQZ2xoGsH5gtdzr34mtaHOp7OnCYwgk4dA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=ZIbknTCdl/+k5UpIXC9116kyRirh0frXsztHWIbe5nwhX0Uu6EyLERhpiycJWvd17 TScArt7xykqAXpoJ00SEpICuurYO5jOS+LCM77nqDe8XnjtEs0Ae64r7sBfBwG3h09 vKmvXfG6100W7IV407syWvMJ2ePDWwX9rHYNhZXI=
Date: Sun, 24 May 2020 21:52:45 -0700
From: Marten Seemann <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/3690/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] How to reject a connection attempt (#3690)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ecb4f1da3e80_78b63fddebccd96418089c4"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 May 2020 04:52:50 -0000

I don't think that renaming an existing error will solve my problem. Otherwise, I would've just used that error...

The point I was trying to make here is that clients will already make decisions about future connection attempts based on unauthenticated information, both sent in CONNECTION_CLOSE error codes as well as in Version Negotiation packets.

Adding one more error doesn't seem to exacerbate that situation, while at the same time enabling a way of blacklisting IP addresses that was possible with TCP and is currently not possible using QUIC.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: