Re: [quicwg/base-drafts] Remove DoS vector for spoofed connection migration (#2893)

Eric Kinnear <> Wed, 17 July 2019 17:41 UTC

Date: Wed, 17 Jul 2019 10:41:29 -0700
From: Eric Kinnear <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2893/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Remove DoS vector for spoofed connection migration (#2893)

erickinnear commented on this pull request.

> -Not all changes of peer address are intentional migrations. The peer could
-experience NAT rebinding: a change of address due to a middlebox, usually a NAT,
-allocating a new outgoing port or even a new outgoing IP address for a flow.  An
-endpoint MUST perform path validation ({{migrate-validate}}) if it detects any
-change to a peer's address, unless it has previously validated that address.
+An endpoint also MUST NOT send packets from a different local address, actively
+initiating migration, if the peer sent the `disable_active_migration` transport
+parameter during the handshake. An endpoint which has sent this transport
+parameter, but detects that a peer has nonetheless migrated to a different
+network MUST either drop the incoming packets on that path without generating a
+stateless reset or proceed with path validation and allow the peer to migrate.
+This helps to prevent third parties in the network causing connections to close
+due to spoofed addresses or other manipulation of observed traffic. An endpoint
+MUST NOT actively initiate migration if its peer supplies a zero-length
+connection ID as packets without a Destination Connection ID cannot be
+attributed to a connection based on address tuple.
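Review bot: The removed paragraph carried the only visible normative requirement for the general case, that an endpoint MUST perform path validation ({{migrate-validate}}) on any peer address change it has not previously validated, NAT rebinding included, while the replacement text only constrains the `disable_active_migration` and zero-length connection ID cases; unless that requirement is restated where this area is covered in more depth, the general path-validation MUST is lost with this hunk, so either keep the `-` lines or add a cross-reference to `{{migrate-validate}}`. Two wording points on the `+` lines: the final justification reads backwards, since the problem is that packets without a Destination Connection ID can only be attributed to a connection by address tuple, which is exactly what migration changes, so `cannot be attributed to a connection based on address tuple` should become something like `can only be attributed to a connection by address tuple, which changes on migration`; and `prevent third parties in the network causing connections to close` needs `from` (`prevent ... from causing`). The drop-without-stateless-reset option is the defensive core of the new text, because a stateless reset sent in reply to a packet with a spoofed source would let an off-path third party close the connection, which is the DoS the PR title names; stating that rationale directly next to the MUST would make the requirement easier to implement correctly.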

Good point! We cover this area much more thoroughly elsewhere; I'll remove this.
