From e94bdc2cafb07ee711b91281591dc45637467bae Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Wed, 6 Feb 2019 11:02:53 -0800 Subject: [PATCH 1/4] Discard inconsistent packets --- draft-ietf-quic-transport.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 89a6c40ecf..012b842d68 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1010,8 +1010,10 @@ Endpoints can send a Stateless Reset ({{stateless-reset}}) for any packets that cannot be attributed to an existing connection. A stateless reset allows a peer to more quickly identify when a connection becomes unusable. -Packets that are matched to an existing connection, but for which the endpoint -cannot remove packet protection, are discarded. +Packets that are matched to an existing connection are discarded if the packets +are inconsistent with the state of that connection -- for example, if they +indicate a different protocol version than that of the connection, or if the +endpoint cannot remove packet protection. Invalid packets without packet protection, such as Initial, Retry, or Version Negotiation, MAY be discarded. An endpoint MUST generate a connection error if From 105dd3213812cde18c65240efc7ae1f339fae65b Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Wed, 6 Feb 2019 16:45:14 -0800 Subject: [PATCH 2/4] Removal is unsuccessful --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 012b842d68..883f79adaf 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -1013,7 +1013,7 @@ to more quickly identify when a connection becomes unusable. Packets that are matched to an existing connection are discarded if the packets are inconsistent with the state of that connection -- for example, if they indicate a different protocol version than that of the connection, or if the -endpoint cannot remove packet protection. +removal of packet protection is unsuccessful. Invalid packets without packet protection, such as Initial, Retry, or Version Negotiation, MAY be discarded. An endpoint MUST generate a connection error if From 5b3abdedf454cccec4e2e0bbb1b5dcc3de261b46 Mon Sep 17 00:00:00 2001 From: MikkelFJ Date: Fri, 8 Feb 2019 15:55:35 -0800 Subject: [PATCH 3/4] Update draft-ietf-quic-transport.md Co-Authored-By: MikeBishop --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 883f79adaf..5c90b19ced 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1013,7 +1013,7 @@ to more quickly identify when a connection becomes unusable. Packets that are matched to an existing connection are discarded if the packets are inconsistent with the state of that connection -- for example, if they indicate a different protocol version than that of the connection, or if the -removal of packet protection is unsuccessful. +removal of packet protection is unsuccessful once the expected keys are available. Invalid packets without packet protection, such as Initial, Retry, or Version Negotiation, MAY be discarded. An endpoint MUST generate a connection error if From 5369ff2cf70a461899817aec983ac22e23684f15 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 8 Feb 2019 15:56:59 -0800 Subject: [PATCH 4/4] Sentence split --- draft-ietf-quic-transport.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 5c90b19ced..2a3a048882 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -1011,9 +1011,10 @@ cannot be attributed to an existing connection. A stateless reset allows a peer to more quickly identify when a connection becomes unusable. Packets that are matched to an existing connection are discarded if the packets -are inconsistent with the state of that connection -- for example, if they -indicate a different protocol version than that of the connection, or if the -removal of packet protection is unsuccessful once the expected keys are available. +are inconsistent with the state of that connection. For example, packets are +discarded if they indicate a different protocol version than that of the +connection, or if the removal of packet protection is unsuccessful once the +expected keys are available. Invalid packets without packet protection, such as Initial, Retry, or Version Negotiation, MAY be discarded. An endpoint MUST generate a connection error if
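Review bot: In [PATCH 1/4], the replacement paragraph in the -1010,8 hunk says matched packets "are discarded" in lowercase, while the unchanged context right after it uses "MAY be discarded" and "MUST generate a connection error", so a reader cannot tell whether this discard is a requirement or a description. Suggest "MUST be discarded" if that is the intent. Also, "inconsistent with the state of that connection" is only illustrated by two examples; either say the list is not exhaustive or enumerate the conditions, so that implementations drop the same set of packets.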
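Review bot: In [PATCH 3/4], the qualifier added in "removal of packet protection is unsuccessful once the expected keys are available" leaves open what an endpoint does with a matched packet that arrives before those keys exist. Suggest stating whether such packets are buffered or dropped, and that any buffering is bounded, so the exception cannot be read as an obligation to hold undecryptable packets indefinitely. "Expected keys" is also not defined in the visible text; a cross-reference would help.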
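Review bot: In [PATCH 4/4], the reworded paragraph in the -1011,9 hunk still does not say that the discard is silent, even though the next paragraph in the context goes straight on to "An endpoint MUST generate a connection error if". Suggest adding that a packet discarded for a version mismatch or for failed removal of packet protection does not cause a connection error or any response, so that a packet that merely matches an existing connection cannot be used to disturb it.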