Revert changes to the invariants

quicwg · Jan 15, 2019 · 3a0b08c · 3a0b08c
1 parent 738fec2
commit 3a0b08c
Showing 1 changed file with 18 additions and 55 deletions.
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md
@@ -1137,16 +1137,15 @@ version downgrade attacks.
 When a draft implementation receives a Version Negotiation packet, it MAY use
 it to attempt a new connection with one of the supported versions.
 
-The client MUST check that Destination Connection ID and Original Destination
-Connection ID fields in the Version Negotiation packet match the Source and
-Destination Connection ID fields in a packet that the client sent.  If this
-check fails, the packet MUST be discarded.
+The client MUST check that the Destination and Source Connection ID fields
+match the Source and Destination Connection ID fields in a packet that the
+client sent.  If this check fails, the packet MUST be discarded.
 
 Once the Version Negotiation packet is determined to be valid, the client then
 selects an acceptable protocol version from the list provided by the server.
-The client then attempts to create a new connection using that version, and
-the Source Connection ID from the Version Negotiation packet as its new
-Destination Connection ID.
+The client then attempts to create a new connection using that version. The new
+connection MUST use a new random Destination Connection ID different from the
+one it had previously sent.
 
 Note that this mechanism does not protect against downgrade attacks and
 MUST NOT be used outside of draft implementations.
@@ -3421,7 +3420,7 @@ The layout of a Version Negotiation packet is:
  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+
-|1|R R R| ODCIL |
+|1|  Unused (7) |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                          Version (32)                         |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -3431,10 +3430,6 @@ The layout of a Version Negotiation packet is:
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                 Source Connection ID (0/32..144)            ...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|          Original Destination Connection ID (0/32..144)     ...
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|               Number of Supported Versions (i)              ...
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                    Supported Version 1 (32)                 ...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                   [Supported Version 2 (32)]                ...
@@ -3443,55 +3438,23 @@ The layout of a Version Negotiation packet is:
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                   [Supported Version N (32)]                ...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|                       Unused Payload (*)                    ...
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 ~~~
 {: #version-negotiation-format title="Version Negotiation Packet"}
 
-The Version field of a Version Negotiation packet MUST be set to 0x00000000.
-A Version Negotiation packet contains the following fields:
-
-Reserved Bits (R):
-
-: The three bits with a mask of 0x70 of byte 0 are reserved. They MUST be sent
-  sent as all-zeroes and MUST be ignored upon receipt.
-
-ODCIL:
-
-: The four least-significant bits of byte 0 encode the length of the Original
-  Destination Connection ID field.  The length uses the same encoding as the
-  DCIL and SCIL fields.
-
-Original Destination Connection ID:
-
-: The Original Destination Connection ID contains the value of the Destination
-  Connection ID from the Initial packet that this Version Negotiation packet is
-  in response to. The length of this field is given in ODCIL.
-
-Number of Supported Versions:
-
-: The number of supported versions following this field, encoded as a
-  variable-length integer ({{integer-encoding}}). This field MUST NOT be zero.
-
-Supported Versions:
-
-: A list of 32-bit versions which the server supports.
-
-Unused Payload:
-
-: The rest of the packet after the supported versions is currently unused.
-  It MUST be sent empty and MUST be silently ignored upon reception.  This
-  allows future extensibility of Version Negotiation packets.
+The value in the Unused field is selected randomly by the server.
 
+The Version field of a Version Negotiation packet MUST be set to 0x00000000.
 
 The server MUST include the value from the Source Connection ID field of the
-packet it receives in the Destination Connection ID field.  The server includes
-a connection ID of its choice in the Source Connection ID field. This value
-MUST not be equal to the Destination Connection ID field of the packet sent by
-the client.  Echoing both connection IDs (source is echoed in destination and
-destination is echoed in original destination) gives clients some assurance
-that the server received the packet and that the Version Negotiation packet
-was not generated by an off-path attacker.
+packet it receives in the Destination Connection ID field.  The value for Source
+Connection ID MUST be copied from the Destination Connection ID of the received
+packet, which is initially randomly selected by a client.  Echoing both
+connection IDs gives clients some assurance that the server received the packet
+and that the Version Negotiation packet was not generated by an off-path
+attacker.
+
+The remainder of the Version Negotiation packet is a list of 32-bit versions
+which the server supports.
 
 A Version Negotiation packet cannot be explicitly acknowledged in an ACK frame
 by a client.  Receiving another Initial packet implicitly acknowledges a Version