-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ben Kaduk's Transport Comment 10 #4617
Comments
It's at least twice as good as the one used in TCP. As this is time-bounded and a collision even at probability 0.5 requires immense investment from an attack to engineer, this seems more than adequate for its purpose. It is also the same size as the tokens we use for path validation. A change would be disruptive. I don't see any reason to change here. |
Please consider reiterating that it is time bounded in the document (and for path validation as well); I would prefer to not have future protocols attempt to refer to QUIC's 8-byte value as justification for their own when they actually need something bigger. |
@kaduk : The immediate next sentence says |
I don't think that helps the reader make the connection that the shorter nonce is safe due to the time bound. |
We need to come to a decision on this. Since this is from an IESG COMMENT (and not a DISCUSS), the editors can IMO go ahead with their preferred resolution. |
Since this comment is about how the nonce might be unsafe under other conditions, it's good enough to do nothing here. |
The nonce is safe because it has been analyzed. Anyone hoping to copy what QUIC does had best understand why QUIC does what it does before doing so. If we learn that people don't exercise judgment and discretion in this, we can try to fix it next time. We can't possibility preemptively foreclose on every conceivable bad decision in this spec. It's already far too large. |
@kaduk said:
The text was updated successfully, but these errors were encountered: