Merge branch 'master' into patch-8

Author: martinthomson

.lint.py

@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+
+import sys
+import argparse
+import re
+
+parser = argparse.ArgumentParser(description='Lint markdown drafts.')
+parser.add_argument('files', metavar='file', nargs='+', help='Files to lint')
+parser.add_argument('-l', dest='maxLineLength', default=80)
+parser.add_argument('-f', dest='maxFigureLineLength', default=65)
+
+args = parser.parse_args()
+
+foundError = False
+
+for inputfile in args.files:
+    insideFigure = False
+    beforeAbstract = True
+    with open(inputfile, 'U') as draft:
+        linecounter = 1
+        lines = draft.readlines()
+
+        abstract = re.compile('^--- abstract')
+        table = re.compile('^\s*(?:\||{:)')
+        figure = re.compile('^[~`]{3,}')
+
+        for line in lines:
+            line = line.rstrip('\r\n')
+            linenumber = linecounter
+            linecounter += 1
+
+            # Skip everything before abstract
+            if beforeAbstract:
+                matchObj = abstract.match(line)
+                if matchObj:
+                    beforeAbstract = False
+                continue
+
+            # Skip tables
+            matchObj = table.match(line)
+            if matchObj:
+                continue
+
+            # Toggle figure state
+            matchObj = figure.match(line)
+            if matchObj:
+                insideFigure = not insideFigure
+                continue
+
+            # Check length
+            length = len(line)
+            limit = args.maxFigureLineLength if insideFigure else args.maxLineLength
+            if length > limit:
+                foundError = True
+                sys.stderr.write("{0}: Line is {1} characters; limit is {2}\n".format(
+                    linenumber, length, limit))
+                sys.stderr.write("{0}\n".format(line))
+
+sys.exit(1 if foundError else 0)

Makefile

@@ -14,15 +14,13 @@ endif
 
 latest:: lint
 .PHONY: lint
+
+PYTHON := $(shell which python3)
+ifeq ($(PYTHON),)
+PYTHON := $(shell which python)
+endif
+
+ifneq ($(PYTHON),)
 lint::
-	@err=0; for f in draft-*.md ; do \
-	  if cat "$$f" | (l=0; while read -r a; do l=$$(($$l + 1)); echo -E "$$l:$$a"; done) | \
-	     sed -e '1,/--- abstract/d;/^[0-9]*: *|/d' | tr -d '\r' | grep '^[0-9]*:.\{81\}'; then \
-	    echo "$$f contains a line with >80 characters"; err=1; \
-	  fi; \
-	  if cat "$$f" | (l=0; while read -r a; do l=$$(($$l + 1)); echo -E "$$l:$$a"; done) | \
-	     sed -e '/^[0-9]*:~~~/,/^[0-9]*:~~~/p;/^[0-9]*:```/,/^[0-9]*:```/p;d' | \
-	     tr -d '\r' | grep '^[0-9]*:.\{66\}'; then \
-	    echo "$$f contains a figure with >65 characters"; err=1; \
-	  fi; \
-	done; [ "$$err" -eq 0 ]
+	@$(PYTHON) ./.lint.py draft-*.md
+endif

draft-ietf-quic-transport.md

@@ -1093,7 +1093,7 @@ language from Section 3 of {{!I-D.ietf-tls-tls13}}.
          case new_session_ticket:
             struct {};
       };
-      TransportParameter parameters<30..2^16-1>;
+      TransportParameter parameters<22..2^16-1>;
    } TransportParameters;
 ~~~
 {: #figure-transport-parameters title="Definition of TransportParameters"}
@@ -2740,24 +2740,24 @@ that it sends.
 Strategies and implications of the frequency of generating acknowledgments are
 discussed in more detail in {{QUIC-RECOVERY}}.
 
-
 ## Packet Size {#packet-size}
 
 The QUIC packet size includes the QUIC header and integrity check, but not the
 UDP or IP header.
 
-Clients MUST ensure that any Initial packet it sends has a QUIC packet size of
-least 1200 octets.
-
-An Initial packet MUST be padded to at least 1200 octets unless the client knows
-that the Path Maximum Transmission Unit (PMTU) supports the size that it
-chooses.  Sending an Initial packet of this size ensures that the network path
-supports an MTU of this size and helps reduce the amplitude of amplification
-attacks caused by server responses toward an unverified client address.
+Clients MUST pad any Initial packet it sends to have a QUIC packet size of at
+least 1200 octets. Sending an Initial packet of this size ensures that the
+network path supports a reasonably sized packet, and helps reduce the amplitude
+of amplification attacks caused by server responses toward an unverified client
+address.
 
-A server MUST NOT allow receipt of a packet that is smaller than 1200 octets to
-start a new connection.
+An Initial packet MAY exceed 1200 octets if the client knows that the Path
+Maximum Transmission Unit (PMTU) supports the size that it chooses.
 
+A server MAY send a CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in
+response to an Initial packet smaller than 1200 octets. It MUST NOT send any
+other frame type in response, or otherwise behave as if any part of the
+offending packet was processed as valid.
 
 ## Path Maximum Transmission Unit
 
@@ -3644,12 +3644,13 @@ transport to cancel a stream in response to receipt of a STOP_SENDING frame.
 
 ## Spoofed ACK Attack
 
-An attacker receives an STK from the server and then releases the IP address on
-which it received the STK.  The attacker may, in the future, spoof this same
+An attacker might be able to receive an address validation token
+({{address-validation}}) from the server and then release the IP address it
+used to acquire that token.  The attacker may, in the future, spoof this same
 address (which now presumably addresses a different endpoint), and initiate a
-0-RTT connection with a server on the victim's behalf.  The attacker then spoofs
-ACK frames to the server which cause the server to potentially drown the victim
-in data.
+0-RTT connection with a server on the victim's behalf.  The attacker can then
+spoof ACK frames to the server which cause the server to send excessive amounts
+of data toward the new owner of the IP address.
 
 There are two possible mitigations to this attack.  The simplest one is that a
 server can unilaterally create a gap in packet-number space.  In the non-attack