Re: [quicwg/base-drafts] Clarify client anti-amplification response (#3445)

Martin Thomson <> Wed, 19 February 2020 21:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9F04D120810 for <>; Wed, 19 Feb 2020 13:22:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.999
X-Spam-Status: No, score=-7.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Uiax830mp52z for <>; Wed, 19 Feb 2020 13:22:04 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 464C412022D for <>; Wed, 19 Feb 2020 13:22:04 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 97B9CC60B21 for <>; Wed, 19 Feb 2020 13:22:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1582147323; bh=Um2nCT1wO1S3VcUCc+LQ0bQSI48S+E1SjZuHsQvl+Hc=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=v6QDZDeDfuD5Dti2pQX9XceNVokEiapprgFxbnmX7tBSDGRgUg8Y6QxmaHdWXMA38 E0Md1SVCozOAJOc6hCvZsiNUCX8NExZb7m34hUv2pj6h5SAhc2SyKtpqKocvWoVyFw zGxiqTMASiltBihaRIthB7kCyct3L4KxjPWUhB/0=
Date: Wed, 19 Feb 2020 13:22:03 -0800
From: Martin Thomson <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/pull/3445/review/>
In-Reply-To: <quicwg/base-drafts/pull/>
References: <quicwg/base-drafts/pull/>
Subject: Re: [quicwg/base-drafts] Clarify client anti-amplification response (#3445)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e4da6fb8560c_53113fb031ecd96813945a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Feb 2020 21:22:07 -0000

martinthomson commented on this pull request.

> -handshake deadlock, clients MUST send a packet upon a probe timeout, as
-described in {{QUIC-RECOVERY}}. If the client has no data to retransmit and does
-not have Handshake keys, it MUST send an Initial packet in a UDP datagram of
-at least 1200 bytes.  If the client has Handshake keys, it SHOULD send a
-Handshake packet.
+Loss of an Initial or Handshake packet from the server can cause a deadlock if
+the client does not send additional Initial or Handshake packets.  The server
+can reach its anti-amplification limit, but if the client has received
+acknowledgements for all the data is has sent, it has no reason to send more
+packets. In this case, where the client would otherwise not send any
+additional packets, the server will be unable to send because it has not
+received enough from the client or validated the clients address. To prevent
+this deadlock, clients MUST send a packet on a probe timeout, or PTO;
+see Section 5.3 of {{QUIC-RECOVERY}}. In this case, the client MUST send an
+Initial packet in a UDP datagram of at least 1200 bytes if it does not have
+Handshake keys, and otherwise send a Handshake packet.

A proper, updated DCID isn't guaranteed to unblock the server. That is why we haven't expressly allowed for that to be used.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: