quicwg · kazuho · Sep 4, 2019 · Sep 4, 2019 · Sep 4, 2019 · Sep 5, 2019
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md
@@ -2527,7 +2527,7 @@ QUIC need to be aware of this and either reuse this design, or use a portion of
 the packet other than the last 16 bytes for carrying data.
 
 
-### Detecting a Stateless Reset
+### Detecting a Stateless Reset {#detect-stateless-reset}
 
 An endpoint detects a potential stateless reset when an incoming packet either
 cannot be associated with a connection, cannot be decrypted, or is marked as a
@@ -5730,6 +5730,17 @@ decisions are made independently of client-selected values; a Source Connection
 ID can be selected to route later packets to the same server.
 
 
+## Hash Collision Attack on Stateless Reset Tokens
+
+Since stateless reset tokens are generated by peers, endpoints SHOULD
+be resistant to hash flooding DoS attacks when using a hash map for storing and comparing
+those tokens. One way of achieving this property is to store and compare
+transformed values of the stateless tokens where the transformation is defined
+as a pseudo-random permutation (e.g., block cipher) or a keyed hash (e.g., HMAC
+{{?RFC2104}}) that is cryptographically secure, instead of using the raw token
+values as the hash keys.  This approach satisfies the secure comparison
+requirement in {{detect-stateless-reset}}.
+
 # IANA Considerations
 
 ## QUIC Transport Parameter Registry {#iana-transport-parameters}