Re: [quicwg/base-drafts] Let server abort on post-Retry packet number reset (#3990)

Marten Seemann <> Wed, 02 September 2020 02:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 817BA3A074B for <>; Tue, 1 Sep 2020 19:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.483
X-Spam-Status: No, score=-1.483 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 16flZ_BNIM_2 for <>; Tue, 1 Sep 2020 19:54:05 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2251D3A0407 for <>; Tue, 1 Sep 2020 19:54:05 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 3AEEB8403D2 for <>; Tue, 1 Sep 2020 19:54:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1599015244; bh=CJzn1yhASjbnZQLb6dxePmbwzP6TpsLh9OfPuaxssjk=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=LUCtt6u3Boy8YNBXBU3J0QT47khBX3ytXLgDFCef/9NGHFGSymOoviAqEhwqG8r98 tehP6kbqEhh8BjnQeSQPcWGEfWV3IWgTO1dWTfLmz9EWF3I+jU8vbo5b8Y0gbhSxC1 kYHQedFdNG+LJ9xlWc5VnFTrxiOTQGqu/tCqiiJ4=
Date: Tue, 01 Sep 2020 19:54:04 -0700
From: Marten Seemann <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3990/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Let server abort on post-Retry packet number reset (#3990)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f4f094c2abdb_6ae219644092eb"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: marten-seemann
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 Sep 2020 02:54:07 -0000

@marten-seemann commented on this pull request.

> @@ -4807,6 +4807,8 @@ responding to a Retry packet. However, the data sent in these packets could be
 different than what was sent earlier. Sending these new packets with the same
 packet number is likely to compromise the packet protection for those packets
 because the same key and nonce could be used to protect different content.
+A server MAY abort the connection if it detects that the client reset the

> My argument for why here is because this PN reuse can be a security issue.

I disagree with this statement. There's only a security issue if the client resets the 0-RTT packet number space, but the server wouldn't be able to detect that, since it wouldn't even bother to unprotect 0-RTT packets. So the only violation that can be detected here is the reuse of packet numbers in the Initial packet number space. Since the Initial keys are publicly known anyway, this can't be a security issue.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: