From 8ebd3bb542cd4ed97c6c7c5ef4a1f92e0391953f Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 11 Dec 2019 11:04:23 +1100 Subject: [PATCH] Disable spin randomly per-path or per-CID This addresses linkability concerns. Builds on #3270 and includes suggested improvements. Closes #3270. Closes #3257. Closes #2628. --- draft-ietf-quic-transport.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index eb0a2c743a..c3002e132a 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4380,11 +4380,10 @@ support the spin bit MUST implement it as specified in this section. Each endpoint unilaterally decides if the spin bit is enabled or disabled for a connection. Implementations MUST allow administrators of clients and servers to disable the spin bit either globally or on a per-connection basis. Even when -the spin bit is not disabled by the administrator, implementations MUST disable -the spin bit for at least a sixteenth of connections with an expectation that -the spin bit is disabled for at least one eighth of network paths. The selection -process performed at the beginning of the connection SHOULD be applied for all -paths used by the connection. +the spin bit is not disabled by the administrator, endpoints MUST disable their +use of the spin bit for a random selection of at least one in every 16 network +paths, or for one in every 16 connection IDs. This ensures that the spin bit +signal is disabled on approximately one in eight network paths. When the spin bit is disabled, endpoints MAY set the spin bit to any value, and MUST ignore any incoming value. It is RECOMMENDED that endpoints set the spin
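Review bot: In the replacement sentence, "at least" binds only to the per-path option ("at least one in every 16 network paths, or for one in every 16 connection IDs"), so the per-CID option reads as exactly one in 16. Repeat "at least" in the second clause, or restructure the sentence so it covers both. The follow-on sentence "This ensures that the spin bit signal is disabled on approximately one in eight network paths" also skips the step from 1/16 to 1/8. The figure follows only because each endpoint decides unilaterally, as the context line above says, and the signal is unusable when either side disables it. Two independent 1/16 choices give 1 - (15/16)^2, about 12%, which is slightly under one in eight, so "ensures" is stronger than the arithmetic supports. Consider opening that sentence with "As each endpoint disables the spin bit independently". Finally, the removed SHOULD stated that the selection is made at the beginning of the connection and applied to all of its paths. The new text no longer says that the choice is held fixed for the lifetime of a path or connection ID, so state that explicitly if it is intended.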