Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)

Martin Thomson <> Thu, 13 June 2019 00:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D0C55120164 for <>; Wed, 12 Jun 2019 17:53:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.605
X-Spam-Status: No, score=-6.605 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GKWVkHYxyvjG for <>; Wed, 12 Jun 2019 17:53:44 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F07CF1200A1 for <>; Wed, 12 Jun 2019 17:53:43 -0700 (PDT)
Date: Wed, 12 Jun 2019 17:53:43 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1560387223; bh=W/phOJSB959uDhtGFTKkLHpQ8GcNH53HOfdrDpxG1wM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=NpgQWnRnz7ZiH7o1ENj8cvXG0/gtw3m8WiIlk/3vyNNo2F0uOm5sVZbBCvmPSDgEv kfAAZVR3H1yWWM/shS4dreP93t9dowE6z2hgG9sqW+ZHK8SIRoGHnb7nNxG9TEuOYT vrP/3mG3t2JlV1zf32uixetbJ7xu1XoFt05gRqDY=
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2785/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] Disallow reuse of stateless reset tokens (#2785)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d019e97dc2_1f4a3f94746cd96c873c"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Jun 2019 00:53:46 -0000

@MikeBishop's analysis is entirely correct.

I don't think that we should put in rules to prevent self-harm through idiocy.  And this is definitely a case of that.  An endpoint that forgets a CID when the associated SRT is active only hurts themselves.

The text is sufficient as it stands.  A prohibition won't prevent implementations from doing dangerous things.  As it stands, you need to take extraordinary steps to put yourself in position to mess this up.  The construction @kazuho describes is a totally sensible one, but it is very hard to forget connection IDs with that scheme.  More relevant to this, the SRT construction process described in the spec won't have this problem.  

What exactly do you think this prohibition will achieve?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: