From 9b95d3f06b7ac758a871e2916abb46b4884b01fa Mon Sep 17 00:00:00 2001
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 26 Aug 2019 20:02:02 +1000
Subject: [PATCH] Only servers send NEW_TOKEN

This doesn't add rationale.  It doesn't have to.  See the issue
discussion for that rationale.

Closes #2382.
---
 draft-ietf-quic-transport.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md
index 2355e55dad..01c1f4f13b 100644
--- a/draft-ietf-quic-transport.md
+++ b/draft-ietf-quic-transport.md
@@ -4878,6 +4878,9 @@ An endpoint might receive multiple NEW_TOKEN frames that contain the same token
 value.  Endpoints are responsible for discarding duplicate values, which might
 be used to link connection attempts; see {{validate-future}}.
 
+Clients MUST NOT send NEW_TOKEN frames.  Servers MUST treat receipt of a
+NEW_TOKEN frame as a connection error of type PROTOCOL_VIOLATION.
+
 
 ## STREAM Frames {#frame-stream}