Return-Path: X-Original-To: quic-issues@ietfa.amsl.com Delivered-To: quic-issues@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EFD913116C for ; Tue, 26 Jun 2018 21:30:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -8.01 X-Spam-Level: X-Spam-Status: No, score=-8.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZzzPwA4sFKHz for ; Tue, 26 Jun 2018 21:30:02 -0700 (PDT) Received: from out-3.smtp.github.com (out-3.smtp.github.com [192.30.252.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 780D5130F2D for ; Tue, 26 Jun 2018 21:30:02 -0700 (PDT) Date: Tue, 26 Jun 2018 21:30:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1530073801; bh=JGM3ViMSNzXs4N7t2JSlC0Q4yjZkrvBcf9R1d+zresg=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=FxaKiwXimGUqE0pyq92o/rd3LMA+zJJ3jluogQwPJw+InACqaL92tytksf9hFLQNu gTnFV3cgqZJS6AhVaywKUl4JpvXCYwwygS8tVt1cGGScJ1dN0BpkTCwqqjf/kgcWzA FujDHT1u5ukRVAbWOXTdqLn5c7YGS4y3Oom5Nh9s= From: Kazuho Oku Reply-To: quicwg/base-drafts To: quicwg/base-drafts Cc: Subscribed Message-ID: In-Reply-To: References: Subject: Re: [quicwg/base-drafts] Client's initial source CID is unauthenticated (#1479) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5b3312c9d18c4_65753fef47482f80113570"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list X-GitHub-Sender: kazuho X-GitHub-Recipient: quic-issues X-GitHub-Reason: subscribed X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: quic-issues@ietf.org Archived-At: X-BeenThere: quic-issues@ietf.org X-Mailman-Version: 2.1.26 List-Id: Notification list for GitHub issues related to the QUIC WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2018 04:30:10 -0000 ----==_mimepart_5b3312c9d18c4_65753fef47482f80113570 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit > Regarding the IP address authentication, is that statement true considering Retry packets and tokens? Isn't one point of the Retry packet to validate the client source address? Yeah I'd say that the server "validates" the path, but it doesn't "authenticate" the path by asking the client prove that it has selected that IP address (which is impossible for a client to prove when NAT is involved). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/1479#issuecomment-400539297 ----==_mimepart_5b3312c9d18c4_65753fef47482f80113570 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Regarding the IP address authentication, is that statement true consid= ering Retry packets and tokens? Isn't one point of the Retry packet to va= lidate the client source address?

Yeah I'd say that the server "validates" the path, but it doesn't "aut= henticate" the path by asking the client prove that it has selected that = IP address (which is impossible for a client to prove when NAT is involve= d).

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub,= or mute the thread.3D""

= ----==_mimepart_5b3312c9d18c4_65753fef47482f80113570--