From 9504a9fab1d12a599738996cf8ba9c0cda6d9d9e Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 23 Dec 2020 10:59:02 +1100 Subject: [PATCH] nits Co-authored-by: Jana Iyengar --- draft-ietf-quic-tls.md | 4 ++-- draft-ietf-quic-transport.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-tls.md b/draft-ietf-quic-tls.md index 5b9248f2c7..d9c7c55486 100644 --- a/draft-ietf-quic-tls.md +++ b/draft-ietf-quic-tls.md @@ -1386,8 +1386,8 @@ incoming 1-RTT protected packets before the TLS handshake is complete. Retry packets (see the Retry Packet section of {{QUIC-TRANSPORT}}) carry a Retry Integrity Tag that provides two properties: it allows discarding -packets that have accidentally been corrupted by the network; and only an -entity that receives an Initial packet is able to send a valid Retry packet. +packets that have accidentally been corrupted by the network; only an +entity that receives an Initial packet can send a valid Retry packet. The Retry Integrity Tag is a 128-bit field that is computed as the output of AEAD_AES_128_GCM ({{!AEAD}}) used with the following inputs: diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index fd838c8b7d..ad294f3a58 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -4258,7 +4258,7 @@ Path Maximum Transmission Unit Discovery (PMTUD; {{!RFC1191}}, {{!RFC8201}}) relies on reception of ICMP messages (e.g., IPv6 Packet Too Big messages) that indicate when an IP packet is dropped because it is larger than the local router MTU. DPLPMTUD can also optionally use these messages. This use of ICMP messages -is potentially vulnerable to attacks by elements that cannot observe packets, +is potentially vulnerable to attacks by elements that cannot observe packets but might successfully guess the addresses used on the path. These attacks could reduce the PMTU to a bandwidth-inefficient value.
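Review bot: in the draft-ietf-quic-tls.md hunk (@@ -1386,8 +1386,8), dropping "and" after the semicolon leaves the two items announced by "provides two properties:" non-parallel. The first is phrased as something the tag does ("it allows discarding packets that have accidentally been corrupted by the network"), while the second is now a free-standing clause ("only an entity that receives an Initial packet can send a valid Retry packet") that reads as a separate statement rather than as the second property. Consider keeping the conjunction and giving the second item the same subject, for example "; and it ensures that only an entity that receives an Initial packet can send a valid Retry packet", or breaking the two properties out as a short list.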
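Review bot: in the draft-ietf-quic-transport.md hunk (@@ -4258,7 +4258,7), the changed sentence still stacks three hedges: "potentially vulnerable", "might" and "successfully". Removing the comma is right, since "cannot observe packets but might successfully guess the addresses used on the path" is a single restrictive description of the attacker, but "successfully" adds nothing once "potentially" and "might" are there. Suggest "elements that cannot observe packets but might guess the addresses used on the path".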