From 7a9e8e45aaf92da9f4c543300136459252347085 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 25 Oct 2018 14:55:34 +1100 Subject: [PATCH 1/3] Don't amplify accidentally when closing A minor point, and we might not even regret this, but it's not worth risking it. Closes #1905. --- draft-ietf-quic-transport.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index bcc6265408..852ae2bd3f 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2228,6 +2228,12 @@ Note: control, which are not expected to be relevant for a closed connection. Retransmitting the final packet requires less state. +New packets from unverified addresses could be used to create an amplification +attack (see {{address-validation}}). To avoid this, endpoints MUST either limit +transmission of closing frames to validated addresses - which implies retaining +knowledge of validated addresses - or to drop packets without response if the +response would be more than three times larger than the received packet. + After receiving a closing frame, endpoints enter the draining state. An endpoint that receives a closing frame MAY send a single packet containing a closing frame before entering the draining state, using a CONNECTION_CLOSE frame From e06269b6caf4b685156b1b5dda65dcf8d9f8a857 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 26 Oct 2018 09:21:45 +1100 Subject: [PATCH 2/3] Always like removing text --- draft-ietf-quic-transport.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 852ae2bd3f..0a7b4f8c72 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2230,9 +2230,9 @@ Note: New packets from unverified addresses could be used to create an amplification attack (see {{address-validation}}). To avoid this, endpoints MUST either limit -transmission of closing frames to validated addresses - which implies retaining -knowledge of validated addresses - or to drop packets without response if the -response would be more than three times larger than the received packet. +transmission of closing frames to validated addresses or to drop packets without +response if the response would be more than three times larger than the received +packet. After receiving a closing frame, endpoints enter the draining state. An endpoint that receives a closing frame MAY send a single packet containing a From 3ef0fab462ed64b69e4680b6751cd9f29ae7fb9b Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 26 Oct 2018 10:36:40 +1100 Subject: [PATCH 3/3] redundant word whack-a-mole --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 0a7b4f8c72..81bf41d456 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2230,7 +2230,7 @@ Note: New packets from unverified addresses could be used to create an amplification attack (see {{address-validation}}). To avoid this, endpoints MUST either limit -transmission of closing frames to validated addresses or to drop packets without +transmission of closing frames to validated addresses or drop packets without response if the response would be more than three times larger than the received packet.