Re: [quicwg/base-drafts] RESET_STREAM should be allowed in 0-RTT packets (#2344)

Christian Huitema <> Thu, 31 January 2019 01:10 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

I am concerned with the attack in which the 0-RTT data is replayed by a third party, maybe also with a replayed "retry token". Do we want more than 3 packets there? Do we really want to allow sending a large flow control window of data?

Also, 0-RTT may very well be rejected by the server. Sending something that changes connection state looks weird, because all these frames can be dropped.
