Re: [quicwg/base-drafts] Encrypting Retry token (#3274)

Praveen Balasubramanian <notifications@github.com> Sat, 07 December 2019 13:31 UTC

I too think anything more than a checksum is unnecessary here. For a corner-case scenario where there is NATting, we should not make the common case expensive. Given this is a DoS protection scenario when the system is deemed to be under attack, the mechanism we pick must be the least CPU intensive. My vote is to just keep a simple checksum. Anything more is unnecessary because no need has been demonstrated for it.
