Re: [quicwg/base-drafts] Encrypting Retry token (#3274)

Nick Banks <notifications@github.com> Tue, 03 December 2019 16:04 UTC

I'm working with our hardware vendor that does DoS mitigation for Azure. Give me a little time and I'll try to get back to you with data.

Also, as far as the cost to the client for Retry, IMO, the higher the better. The goal in this scenario is to make it more expensive for attackers who are spamming initial packets. For a normal client creating a single connection, the cost is insignificant as ekr points out.
