Re: [quicwg/base-drafts] No need for RCID if the peer increases Retire Prior To (#3550)

Kazuho Oku <> Sat, 28 March 2020 23:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DE7F03A0937 for <>; Sat, 28 Mar 2020 16:42:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.082
X-Spam-Status: No, score=0.082 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_24=1.282, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id F2YTfuCuVbfY for <>; Sat, 28 Mar 2020 16:42:38 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 979B93A0938 for <>; Sat, 28 Mar 2020 16:42:38 -0700 (PDT)
Date: Sat, 28 Mar 2020 16:42:37 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1585438957; bh=e1cZlZCpZ4GkA+pfIPWk5PeIB3kHXvMvPwMGVgXtZPc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=E85ROrbx+9rp5kL1pcSwF6GoXe/0W9/PiCLLvaqXdRO/Q5yduKV6YSm91FaImco+F RolYCFHtYcpcS1Hn/RjSsQ9n/yLXR5gvqi+FlmQZ7ze0yzoTi2YTr8XxrapdQxbbjg eb9eqEQDzc/3KRx2VLfLWj03jwGcUb3kKibTtSBc=
From: Kazuho Oku <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3550/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] No need for RCID if the peer increases Retire Prior To (#3550)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e7fe0edb3492_6e1d3fcd6accd9641180cb"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: kazuho
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 28 Mar 2020 23:42:40 -0000

I think that the change by itself would not be a bad idea, though I would point out that an endpoint still needs to restrict the number of CIDs sent using RCID, to protect itself from the other attack that uses migration as the attack vector (#3509 (comment)).

The beauty of #3547 is that it provides a unified way of defending against the attacks (by allowing and endpoint to limit the stack it uses for tracking RCIDs). Compared to that, this PR would require two mitigations: limit the state _and_ special-case for handling RPT.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: