Re: [quicwg/base-drafts] Let server abort on post-Retry packet number reset (#3990)

Jana Iyengar <> Sat, 29 August 2020 01:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CA64F3A0EDE for <>; Fri, 28 Aug 2020 18:20:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.483
X-Spam-Status: No, score=-1.483 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id J8g-wbGXOL8G for <>; Fri, 28 Aug 2020 18:20:00 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6CB5C3A0EDD for <>; Fri, 28 Aug 2020 18:20:00 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 8649C5E03FE for <>; Fri, 28 Aug 2020 18:19:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1598663999; bh=A5SPRiEA0YWpE4atUodhW5A7x6KFndvz+9YzRJ4O5/Y=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=aND1lQEA3/uc09Y2Ukh8f7plJhphdNTX3i5idTC9+OP66ipbqINtMbY5UmSBJl9NH +MQkitvi5nk2/6it/tg3rHrwAeXAtqvNyBjZFkQTbkxQychMZ5oXQSP280+rTwpqdk 6fT55k8HnsyuFMf6BnNmit9C7aajZBdLtKCRqWq0=
Date: Fri, 28 Aug 2020 18:19:59 -0700
From: Jana Iyengar <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3990/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Let server abort on post-Retry packet number reset (#3990)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f49ad3f75649_57731964178ac"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: janaiyengar
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 29 Aug 2020 01:20:02 -0000

@janaiyengar commented on this pull request.

> @@ -4807,6 +4807,8 @@ responding to a Retry packet. However, the data sent in these packets could be
 different than what was sent earlier. Sending these new packets with the same
 packet number is likely to compromise the packet protection for those packets
 because the same key and nonce could be used to protect different content.
+A server MAY abort the connection if it detects that the client reset the

My argument for why here is because this PN reuse can be a security issue.

That said, you're right that it's not as principled as I would like it to be; there also isn't such a general rule, and you make a good point that it might be useful to have a general rule.

Given that we don't have such a rule at the moment, I would be happy to take this text in and evaluate this with other MAYs in the general sense if there's enough interest to do it. Would you mind filing a separate issue for this?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: