Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)

Mike Bishop <> Sat, 09 March 2019 00:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8E9241279B1 for <>; Fri, 8 Mar 2019 16:33:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.002
X-Spam-Status: No, score=-8.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wP6AF7d7SL0D for <>; Fri, 8 Mar 2019 16:33:38 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BDC561279A2 for <>; Fri, 8 Mar 2019 16:33:38 -0800 (PST)
Date: Fri, 08 Mar 2019 16:33:37 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1552091617; bh=XUvKnOvNjfQmmtaTjsicHlwUpIFFxmStAw9eDBg4muQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=uFJWF8Ssrfae6I17kQXp+pcWR8qj44pe5OXJUPFbHsTrz2I15/Fh9fcJuTlbK4oMG Xt8bA5WDf0/GTIQtjvikL1/T3jYfkLVaYmbs8WOp1XT5nucfaOeXBS7WQpCawb6Ob5 0fIBpjPmDB4yohea+fwjX8cjEGt0fi8jAN9pu3Tk=
From: Mike Bishop <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2355/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Allow most frames in 0-RTT (#2355)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c8309e1da9a7_399b3fa5702d45c44792a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: MikeBishop
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 09 Mar 2019 00:33:41 -0000

MikeBishop approved this pull request.

> +
+: TLS session tickets and address validation tokens are used to carry QUIC
+  configuration information between connections.  These MUST NOT be used to
+  carry application state.  The potential for reuse of these tokens means that
+  they require stronger protections against replay.
+A server that accepts 0-RTT on a connection incurs a higher cost than accepting
+a connection without 0-RTT.  This includes higher processing and computation
+costs.  Servers need to consider the probability of replay and all associated
+costs when accepting 0-RTT.
+Ultimately, the responsibility for managing the risks of replay attacks with
+0-RTT lies with an application protocol.  An application protocol that uses QUIC
+MUST describe how the protocol uses 0-RTT and the measures that are employed to
+protect against replay attack.  An analysis of replay risk needs to consider
+all QUIC protocol features carry application semantics.

all QUIC protocol features which carry application semantics.

> @@ -1281,6 +1280,50 @@ Never assume that because it isn't in the security considerations section it
 doesn't affect security.  Most of this document does.
+## Replay Attacks with 0-RTT
+As described in Section 8 of {{!TLS13}}, use of TLS early data comes with an
+exposure to replay attack.  The use of 0-RTT in QUIC is similarly vulnerable to
+replay attack.
+Endpoints MUST implement and use the replay protections described in {{!TLS13}},
+however it is recognized that these protections are imperfect.  Therefore,
+additional consideration of the risk of replay are needed.

additional consideration of the risk of replay is needed.
(or "considerations ... are")

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: