Re: [quicwg/base-drafts] ICID or OCID? (#2926)

Mike Bishop <> Tue, 13 August 2019 15:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D55E5120858 for <>; Tue, 13 Aug 2019 08:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4RQmXloKsXQX for <>; Tue, 13 Aug 2019 08:27:21 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9405912083C for <>; Tue, 13 Aug 2019 08:27:20 -0700 (PDT)
Date: Tue, 13 Aug 2019 08:27:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1565710039; bh=l/ZG02JHujap27BtOCuEpHTJ9pLSZ81tW6jSqBEubrE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=WEM43tdofZcf90Ah03rRTNTsSH4I4xMzHz5bLtVewFoSt3g1wLvBXWBr5vHT8yYL5 gotUlGi0jjc4w+ktGJeFzIqKbB1tLtIRCW6gfqvTNMrKLnTEkNkWPVAel0x3omvrIy zQzykU1Be1n0K8zFWadmIpnFoBQynYNLf5sbchzI=
From: Mike Bishop <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2926/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] ICID or OCID? (#2926)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d52d6d777ec9_504c3f97e38cd95c274860"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Aug 2019 15:27:26 -0000

Two different things, but you're probably right that they should both be explicitly defined:

- The "Original destination connection ID" is the DCID used in the client's very first Initial packet.  If the server responded with a Retry, the server needs to:
    - include the ODCID in the Retry packet to verify the Retry packet came from something on-path
    - include the ODCID in the eventual handshake's transport parameters to verify that the Retry packet originated from the server or something cooperating with it, not a MITM
- The "Initial connection ID" is the DCID used in the client's Initial packet to which the server responded with an Initial.  This CID determines the keys used for Initial packets throughout the handshake. (But see #2823.)  This CID might have been server-chosen (from a Retry) or client-chosen (no Retry).

If there's no Retry packet, they refer to the same CID, but I don't think there's a reference to the ODCID outside the context of a Retry.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: