Shortening the text, per Martin Thomson's review

quicwg · Apr 20, 2017 · 693758b · martinthomson · Apr 20, 2017 · 693758b
1 parent 105e26e
commit 693758b
Showing 1 changed file with 12 additions and 25 deletions.
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md
@@ -2697,35 +2697,22 @@ also be forward-secure encrypted.  Since the attacker will not have the forward
 secure key, the attacker will not be able to generate forward-secure encrypted
 packets with ACK frames.
 
-## Stream commitment attack
-
-An adversarial client may try to use the
-stream creation process to open a large
-number of streams and induce the server to
-commit memory resource for the various
-streams. The adversarial client, or clients, would repeat the process on a
-large number of connections, in an attempt to exhaust the server memory. This
-attack is in some ways similar to SYN flooding attack in TCP, in which the
-attackers try to exhaust a server memory by creating a large number of half
-open TCP connections. It is less potent than the SYN flooding attack, since
-stream creation is much lighter weight than the creation of TCP-IP connections,
-and stream control data presumably requires less
-memory resource than a TCP protocol
-control block. However, the attack can be amplified if the adversarial
-client can open multiple streams with a single message.
+## Stream Commitment Attack
+
+An adversarial endpoint can open lots of streams,
+exhausting state on the server.
+The adversarial endpoint, or endpoint, could repeat the process on a
+large number of connections, in a manner similar to
+SYN flooding attacks in TCP.
 
 Normally, clients will open streams sequentially,
-as explained in {{stream-identifiers}}.
+as explained in {{stream-identifiers}}. 
 However, when several streams are initiated at short intervals,
 transmission error may cause STREAM DATA frames opening streams to be
-received out of sequence. Some implementations will have provisions to
-open all intermediate streams in case of out-of-sequence arrival. For example,
-a server that receive STREAM DATA for streams 3 and then 9 may decide to
-open stream 5 and 7 immediately. An adversarial client
-would for example exploit that
-design by sending STREAM DATA for streams 3 and the 2,000,001, causing the
-server to open 1 million connections, and contributing to server resource
-exhaustion.
+received out of sequence. A receiver is obligated to open intervening
+streams if a higher-numbered stream ID is received. Thus, on a
+new connection, opening stream 2000001 opens 1 million streams,
+as required by the specification. 
 
 The number of active streams is limited
 by the concurrent stream limit transport