Re: Is the invariants draft really standards track?

Paul Vixie <> Wed, 27 May 2020 20:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A5C9B3A0B8E for <>; Wed, 27 May 2020 13:44:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mRiQyIRiVrTn for <>; Wed, 27 May 2020 13:44:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0D6B03A0B90 for <>; Wed, 27 May 2020 13:44:40 -0700 (PDT)
Received: from linux-9daj.localnet ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id 60226B074A; Wed, 27 May 2020 20:44:38 +0000 (UTC)
From: Paul Vixie <>
To: Christian Huitema <>, Kyle Rose <>, Ian Swett <>,
Cc: Lars Eggert <>, IETF QUIC WG <>, Martin Duke <>, Jared Mauch <>, "Lubashev, Igor" <>
Subject: Re: Is the invariants draft really standards track?
Date: Wed, 27 May 2020 20:44:32 +0000
Message-ID: <4396640.VYLyhTF5Y9@linux-9daj>
Organization: none
In-Reply-To: <>
References: <> <> <>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 May 2020 20:44:44 -0000

On Wednesday, 27 May 2020 16:06:57 UTC Lubashev, Igor wrote:
> I’m working on a manageability draft PR for this (how to rate limit UDP to
> reduce disruption to QUIC if you have to rate limit UDP).  ETA end of the
> week (if I do not get pulled into something again).
> The relevant observation is that DDoS with UDP that is indistinguishable
> from QUIC will happen.  UDP is already the most prevalent DDoS vector,
> since it is easy for a compromised non-admin app to send a flood of huge
> UDP packets (with TCP you get throttled by the congestion controller).  So
> there WILL be DDoS protection devices out there to try to mitigate the
> problem, possibly by observing both directions of the flow and deciding
> whether a packet belongs to a valid flow or not.

> Since such middle boxes will be created, the more explicit and normative
> Invariants are about what one can expect, the less such middle boxes may
> decide for themselves.  For example (I did not think long about it), if
> some elements of path validation could land into Invariants (roughly, “no
> more than X packets/bytes can be sent on a new path w/o a return packet”),
> a DDoS middle box may use this fact and active connection migration might
> still have a chance during an attack (NAT rebinding could be linked by DDoS
> boxes to an old connection via unchanged CID).

this thinking ties in closely with my own manageability concern, which is 
policy control by managed private (endpoint) networks. right now the quic 
manageability draft is in a state where QUIC traffic is not identifiable, 
which is a goal for some but a problem for others. i'd like to be able to 
permit outbound QUIC through my firewall for most of the ways i do with TCP 
today, but i can't currently identify QUIC flows. i think that's the same 
problem as for your predicted "middlebox" situation.