Remove the complicated check, simplify

draft-ietf-quic-transport.md

@@ -3817,49 +3817,38 @@ validation using ECT(1) counts.
 #### Receiving ACK Frames {#ecn-ack}
 
 An endpoint that sets ECT(0) or ECT(1) codepoints on packets records the ECN
-counts it has received in ACK frames. When processing an ACK frame, the
-endpoint MUST validate the increase in ECN counts based on the markings that
-were applied to packets that are newly acknowledged.
-
-ECN validation involves the following checks:
-
-* If this ACK frame newly acknowledges a packet that the endpoint sent with
-  either ECT(0) or ECT(1) codepoints set, ECN validation fails if ECN counts
-  are not present in the ACK frame.  This check protects against both a network
-  element that removes ECN markings or a peer that is unable to access ECN
-  markings, since the peer could respond without ECN feedback in either case.
-
-* ECN validation fails if the sum of the increase in ECT(0) and ECT(1) counts,
-  plus any increase in the ECN-CE count is less than the number of packets sent
-  with the corresponding ECT codepoint. This check can detect removal of ECN
-  markings.
-
-* ECN validation fails if any unaccounted for increase in the sum of ECT(0) and
-  ECN-CE counts, plus any unaccounted for increase in the sum of ECT(1) and
-  ECN-CE counts, less any unaccounted for increase in the sum of the ECT(0),
-  ECT(1), and ECN-CE counts is not between zero and the overall increase to the
-  ECN-CE count from this ACK frame.  An unaccounted for increase is determined
-  by subtracting the number of newly acknowledged packets that were originally
-  sent with the corresponding mark from the increase in counts reported in the
-  ACK frame.  This check can detect erroneous changes between ECT(0) and
-  ECT(1) markings in the network.
-
-An endpoint MAY also validate total counts based on the total number of packets
-that it sent with with a given marking.  In that case, ECN validation can also
-be performed based on total counts rather than increases.  As a special case,
-an endpoint that never applies a particular marking can fail validation when a
-non-zero count for that marking is received.  This check can detect when
-packets are marked ECT(0) or ECT(1) in the network.
+counts it has received in ACK frames.  An endpoint validates the ECN counts by
+comparing the counts in each new ACK frame against the last ACK frame that was
+successfully processed.  The increase in ECN counts is validated based on the
+markings that were applied to packets that are newly acknowledged in the ACK
+frame.
 
-Processing ECN counts out of order can result in validation failure.  An
-endpoint SHOULD NOT perform this validation if this ACK frame does not advance
-the largest packet number acknowledged in this connection.
+If an ACK frame newly acknowledges a packet that the endpoint sent with either
+ECT(0) or ECT(1) codepoints set, ECN validation fails if ECN counts are not
+present in the ACK frame.  This check detects a network element that zeroes out
+ECN bits or a peer that is unable to access ECN markings.
+
+ECN validation fails if the sum of the increase in ECT(0) and ECN-CE counts is
+less than the number of newly acknowledged packets sent with an ECT(0) marking.
+Similarly, if the sum of the increases to ECT(1) and ECN-CE counts is less than
+the number of newly acknowledged packets sent with an ECT(1) marking.  These
+checks can detect removal of ECN markings in the network.
+
+ECN validation MAY fail if the total count for an ECT(0) or ECT(1) marking
+exceeds the total number of packets sent with the corresponding marking.   In
+particular, an endpoint that never applies a particular marking can fail
+validation when a non-zero count for the corresponding marking is received.
+This check can detect when packets are marked ECT(0) or ECT(1) in the network.
 
 An endpoint could miss acknowledgements for a packet when ACK frames are lost.
-It is therefore possible for the total increase in ECT(0), ECT(1), and CE counts
-to be greater than the number of packets acknowledged in an ACK frame.  When
-this happens, and if validation succeeds, the local reference counts MUST be
-increased to match the counts in the ACK frame.
+It is therefore possible for the total increase in ECT(0), ECT(1), and ECN-CE
+counts to be greater than the number of packets acknowledged in an ACK frame.
+This is why counts are permitted to be larger than might be accounted for by
+newly acknowledged packets.
+
+Processing ECN counts out of order can result in validation failure.  An
+endpoint SHOULD skip ECN validation when an ACK frame does not increase the
+largest acknowledged packet number.
 
 
 #### Validation Outcomes