Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow most frames in 0-RTT #2355

Merged
merged 13 commits into from Mar 11, 2019
Merged

Allow most frames in 0-RTT #2355

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
449d636
Allow stream-related frames in 0-RTT
martinthomson Jan 21, 2019
5958081
Expand the anti-replay story
martinthomson Jan 21, 2019
f9d24ec
Missing 'only'
martinthomson Jan 21, 2019
0fe91c8
Fix CONNECTION_CLOSE
martinthomson Jan 22, 2019
fdfb19d
Move PADDING up
martinthomson Jan 31, 2019
9400c2f
Replay protection is the responsibility of application protocols
martinthomson Feb 6, 2019
5bbe441
Merge remote-tracking branch 'origin/master' into 0rtt-reset
MikeBishop Feb 12, 2019
f95c289
Mike's comments
martinthomson Feb 12, 2019
0974bda
Reword
martinthomson Feb 12, 2019
0bb2046
application semantics stuff
martinthomson Feb 12, 2019
c4e459f
attachment issue
janaiyengar Feb 13, 2019
e03aa6b
Taking Mikkel's review/suggestions into account, trimming, adding
martinthomson Mar 7, 2019
e5ca738
Editorial tweaks
martinthomson Mar 10, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
7 changes: 7 additions & 0 deletions draft-ietf-quic-http.md
View file
Open in desktop
Expand Up @@ -1482,6 +1482,13 @@ The use of 0-RTT with HTTP/3 creates an exposure to replay attack. The
anti-replay mitigations in {{!HTTP-REPLAY=RFC8470}} MUST be applied when using
HTTP/3 with 0-RTT.

Certain HTTP implementations use the client address for logging or
access-control purposes. Since a QUIC client's address might change during a
connection (and future versions might support simultaneous use of multiple
addresses), such implementations will need to either actively retrieve the
client's current address or addresses when they are relevant or explicitly
accept that the original address might change.


# IANA Considerations

Expand Down
You are viewing a condensed version of this merge commit. You can view the full changes here.