-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cleartext integrity as version independent #568
Comments
If version negotiation is amplifying, something is badly wrong. I believe that version negotiation should only be generated for packets that exceed a certain size (because the only packet that it makes sense to send version negotiation in response to is an initial client packet and those are guaranteed* to be pretty big*). That is, for some version of a guarantee and some version of big. Note however that we don't have that written down (or even agreed). As for being able to distinguish noise from QUIC, that's a good reason. We should discuss that. |
re: amp - that's a versioning guarantee thing again.. a v1 initial client packet is pretty big.. but a >1 packet received by a v1 server? we have very few rules about the future.. maybe we need a few. |
Yes, some constraints on future flexibility seem wise, as long as we can keep it light. |
making the cleartext integrity checksum version independent would prevent a lot of version negotiation packets from being generated based on receipt of non-quic (and make it harder to use that as an amplification vector?)
The text was updated successfully, but these errors were encountered: