From 7c3128c17c4c63ec47b1071df2129dd995e3646c Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 6 Apr 2018 10:36:24 +1000 Subject: [PATCH 1/3] Change the UDP port sometimes too --- draft-ietf-quic-transport.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index a8f73ee3e4..3c0a25802f 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1763,9 +1763,14 @@ gap than it advertised. Clients MAY change connection ID at any time based on implementation-specific concerns. For example, after a period of network inactivity NAT rebinding might -occur when the client begins sending data again. A client might wish to reduce -linkability by employing a new connection ID when sending traffic after a period -of inactivity. +occur when the client begins sending data again. + +A client might wish to reduce linkability by employing a new connection ID and +source UDP port when sending traffic after a period of inactivity. Changing the +UDP port from which it sends packets at the same time might cause the packet to +appear as a connection migration. This ensures that the mechanisms that support +migration are exercised even for clients that don't experience NAT rebindings or +genuine migrations. An endpoint that receives a successfully authenticated packet with a previously unused connection ID MUST use the next available connection ID for any packets From b2439828256873a5596f58172af196746e9c4900 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Mon, 9 Apr 2018 10:30:45 +1000 Subject: [PATCH 2/3] Changing port number has consequences --- draft-ietf-quic-transport.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 3c0a25802f..132d99c1b0 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -1770,7 +1770,9 @@ source UDP port when sending traffic after a period of inactivity. Changing the UDP port from which it sends packets at the same time might cause the packet to appear as a connection migration. This ensures that the mechanisms that support migration are exercised even for clients that don't experience NAT rebindings or -genuine migrations. +genuine migrations. Changing port number can cause a peer to reset its +congestion state (see {{migration-cc}}), so this action SHOULD only be changed +infrequently. An endpoint that receives a successfully authenticated packet with a previously unused connection ID MUST use the next available connection ID for any packets From 4e9d4cdd4f40571d74e8730d4af1243813fcc67a Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 10 Apr 2018 10:42:48 +1000 Subject: [PATCH 3/3] Get it right boy --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 132d99c1b0..1c0852ca7e 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1771,7 +1771,7 @@ UDP port from which it sends packets at the same time might cause the packet to appear as a connection migration. This ensures that the mechanisms that support migration are exercised even for clients that don't experience NAT rebindings or genuine migrations. Changing port number can cause a peer to reset its -congestion state (see {{migration-cc}}), so this action SHOULD only be changed +congestion state (see {{migration-cc}}), so the port SHOULD only be changed infrequently. An endpoint that receives a successfully authenticated packet with a previously
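Review bot: In the first patch's hunk (the new paragraph beginning "A client might wish to reduce linkability"), the second sentence hedges that changing the UDP port "might cause the packet to appear as a connection migration" while the third asserts that this "ensures" the migration mechanisms are exercised; the two sentences should agree. A packet sent from a new source port arrives on a new 4-tuple, so the peer will see it as a migration; suggest "will cause the packet to appear as a connection migration" and "This exercises the mechanisms that support migration". The paragraph also states only the benefit of the deliberate port change and nothing about what it costs the peer; it should point to the consequences described in the draft's migration section so that implementers can weigh them before adopting the behaviour.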
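Review bot: In the second patch's hunk, the new clause "so this action SHOULD only be changed infrequently" has a subject mismatch: an action is taken, not changed; the thing that changes is the port. Suggest "so the port SHOULD only be changed infrequently" or, to drop the double qualification "only ... infrequently", "so the port SHOULD NOT be changed often". "Changing port number" also needs an article ("Changing the port number"). "Infrequently" is vague for a SHOULD-level requirement; since the paragraph's trigger is a period of inactivity, consider bounding it to at most one port change per such idle period, or otherwise giving the reader something measurable.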
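Review bot: The third patch's hunk fixes the subject of the sentence ("the port SHOULD only be changed infrequently") but leaves "Changing port number" without its article and keeps the "only ... infrequently" double qualifier; suggest "Changing the port number can cause a peer to reset its congestion state (see {{migration-cc}}), so the port SHOULD NOT be changed frequently." Since this commit is a one-word fixup of PATCH 2/3 and its subject line "Get it right boy" does not describe the change, squash it into the previous commit before merging so the history records one descriptive change.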