Re: [quicwg/base-drafts] RESET_STREAM should be allowed in 0-RTT packets (#2344)

Kazuho Oku <> Mon, 28 January 2019 06:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7F9E6130F2F for <>; Sun, 27 Jan 2019 22:17:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -12.552
X-Spam-Status: No, score=-12.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mRC7TPt_0T3s for <>; Sun, 27 Jan 2019 22:17:19 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 921DC12DF72 for <>; Sun, 27 Jan 2019 22:17:19 -0800 (PST)
Date: Sun, 27 Jan 2019 22:17:18 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1548656238; bh=cwbgSiZ2RIma2XiBpRQX7ibZ9hRlcefirERyBOtX/74=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=RjYmQ0b5DaK9K0EhX3coUp9wYgnfLabEn6UrHHFjxZ2iaOhcKgQMcoAIaJ8X8e6dH qiwVfBYjsrjxeW6Z0S42t5dYDaYjTk63LfF8ofsvi6A3Uf0SMyc/tvngDfjLL/SLJu mKjTkaOKsMX7jr2yu7K75GP97vC2g7vOCKCn1RK8=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2344/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] RESET_STREAM should be allowed in 0-RTT packets (#2344)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c4e9e6ea3d37_20923fecca2d45b42597539"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 28 Jan 2019 06:17:21 -0000

> If I understand correctly, the server switches to 1-RTT right after receiving the Client Initial, doesn't it? That means that PTO will have its initial value, and not be client-controlled.

In the scenario that we are discussing (yeah the thread is getting long), the attacker sends the Initial packet that contains an ACK to the server's Initial. That means that if an attacker can for example send the ACK after 3 seconds (3 seconds of RTO!) to have an open window of additional 9 seconds to perform an attack.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: