Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)

Eric Kinnear <> Sat, 16 November 2019 12:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1AFA11200F4 for <>; Sat, 16 Nov 2019 04:44:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id hr4aNyDC4tEe for <>; Sat, 16 Nov 2019 04:44:36 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 081BE1200B4 for <>; Sat, 16 Nov 2019 04:44:35 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id E9077A0835 for <>; Sat, 16 Nov 2019 04:44:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1573908274; bh=YvfYzbPmnSZMZqcYt1kJzw87Fega57ghdMYGEO8P2cw=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=PWlmvkQtYhpF6Y2F4O9bouXoLIWoMouI3pgQbEoS4Td7lacMGUyvPf9Bov/Z62gSW KOnaOh4N5i/3peV+0/I5NYM0ZL9viWpS40VoDA2be5Y9SkRuUqbozBx56qMEAL3G0Q wE2CrWWiWK77kGVCLLOGAtySCWlng32pn6cKI2hk=
Date: Sat, 16 Nov 2019 04:44:34 -0800
From: Eric Kinnear <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/2925/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Add initial threat model to security considerations (#2925)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5dcfef32d920a_619c3fe05c6cd96026567b0"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Nov 2019 12:44:43 -0000

erickinnear commented on this pull request.

> +
+However, an attacker can modify the boundaries between QUIC packets and UDP
+datagrams, causing multiple packets to be coalesced into a single datagram, or
+splitting coalesced packets into multiple datagrams.  Such modification has no
+functional effect on a QUIC connection, however it might change the performance
+characteristics exhibited by the receiving endpoint.
+A spoofing attack, in which an attacker rewrites unprotected parts of a QUIC
+packet such as the source or destination address, is only effective if the
+attacker can forward packets to the original endpoint, as path validation
+({{migrate-validate}}) ensures that an endpoint's ability and willingness to
+decrypt QUIC packets is demonstrated before sending significant amounts of data
+to a new endpoint as part of an established QUIC connection.
+##### On-Path Active Attacks

Looking at this in more detail, it looks like we can move much of the definition to the beginning of the whole section, which leaves this part to be much smaller and less nested. :)

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: