A zero-length Retry Token is invalid #3277

Merged
merged 1 commit into from Dec 3, 2019
5 changes: 3 additions & 2 deletions draft-ietf-quic-transport.md
Expand Up @@ -4140,7 +4140,7 @@ wishes to perform a retry (see {{validate-handshake}}).

A Retry packet (shown in {{retry-format}}) does not contain any protected
fields. The value in the Unused field is selected randomly by the server. In
addition to the long header, it contains these additional fields:
addition to the long header, it contains these additional fields:

ODCID Len:
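Review bot: The removed and added copies of "addition to the long header, it contains these additional fields:" read identically in this hunk, so the edit appears to be whitespace only and unrelated to the zero-length Retry Token rule. Consider dropping it from this change, or noting it in the commit message, so the diff carries only the normative text.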

Expand Down Expand Up @@ -4187,7 +4187,8 @@ from the server, it MUST discard any subsequent Retry packets that it receives.
Clients MUST discard Retry packets that contain an Original Destination
Connection ID field that does not match the Destination Connection ID from its
Initial packet. This prevents an off-path attacker from injecting a Retry
packet.
packet. A client MUST discard a Retry packet with a zero-length Retry Token
field.

The client responds to a Retry packet with an Initial packet that includes the
provided Retry Token to continue connection establishment.
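Review bot: The added sentence at the end of the paragraph, "A client MUST discard a Retry packet with a zero-length Retry Token field.", states a requirement without a reason, whereas the ODCID check just before it is followed by its rationale ("This prevents an off-path attacker from injecting a Retry packet."). Add a short clause saying why an empty token is invalid, and consider giving the new rule its own paragraph so it does not read as part of the off-path injection defence. The next paragraph has the client echo "the provided Retry Token" in its Initial packet, so the reason could be tied to that step.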