Re: [quicwg/base-drafts] Rework Retry packet (#1498)

Nick Banks <> Thu, 19 July 2018 13:31 UTC

nibanks commented on this pull request.

> +A Retry packet does not include a packet number and cannot be explictly
+acknowledged by a client.
+A server MUST only send a Retry in response to a client Initial packet.
+If the Original Destination Connection ID field does not match the Destination
+Connection ID from the most recent Initial packet it sent, clients MUST discard
+the packet.  This prevents an off-path attacker from injecting a Retry packet.
+The client responds to a Retry packet with an Initial packet that includes the
+provided Retry Token to continue connection establishment.
+A server that might send another Retry packet in response to a subsequent
+Initial packet MUST set the Source Connection ID to a new value of at least 8
+octets in length.  This allows clients to distinguish between Retry packets when
+the server sends multiple rounds of Retry packets.  Consequently, a valid Retry
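
Review bot: In the discard rule ("If the Original Destination Connection ID field does not match the Destination Connection ID from the most recent Initial packet it sent, clients MUST discard the packet"), the pronoun "it" comes before its antecedent and can be read as referring to the field or to the server. This sentence is what the text relies on to stop an off-path attacker injecting a Retry, so name the subject first, for example: "A client MUST discard a Retry packet whose Original Destination Connection ID field does not match the Destination Connection ID of the most recent Initial packet that client sent." Two smaller points: "explictly" in the first line should be "explicitly", and "A server MUST only send a Retry" reads more clearly as a prohibition ("MUST NOT send a Retry except in response to a client Initial packet").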

@mikkelfj if the client uses a new SCID then it would be considered an entirely new connection, and might elicit another Retry. I am talking about removing the requirement from the server in generating a new random CID, and instead having the client generate a new random DCID for each try.

Also, on going further, I am only talking about Retry. After that, in the handshake, the server can/will change the CID to whatever it wants.
