3x amplification limit for CONNECTION_CLOSE #3864

merged 1 commit into from Jul 29, 2020
9 changes: 5 additions & 4 deletions draft-ietf-quic-transport.md
Expand Up @@ -2743,10 +2743,11 @@ An endpoint is allowed to drop the packet protection keys when entering the
closing period ({{draining}}) and send a packet containing a CONNECTION_CLOSE in
response to any UDP datagram that is received. However, an endpoint without the
packet protection keys cannot identify and discard invalid packets. To avoid
creating an unwitting amplification attack, such endpoints MUST reduce the
frequency with which it sends packets containing a CONNECTION_CLOSE frame. To
minimize the state that an endpoint maintains for a closing connection,
endpoints MAY send the exact same packet.
creating an unwitting amplification attack, such endpoints MUST limit the
cumulative size of packets containing a CONNECTION_CLOSE frame to 3 times the
cumulative size of the packets that cause those packets to be sent. To minimize
the state that an endpoint maintains for a closing connection, endpoints MAY
send the exact same packet.

Note:
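
Review bot: The new MUST in the sentence starting "creating an unwitting amplification attack" bounds the response by "the packets that cause those packets to be sent", but the text just above has the endpoint replying to "any UDP datagram that is received" and states that without keys it "cannot identify and discard invalid packets". An endpoint in that state can only count received datagram bytes, so the bound would be clearer as 3 times the cumulative size of the UDP datagrams received that are attributed to the connection. Since the following sentence is about minimizing state for a closing connection, it is also worth saying that this limit requires keeping running byte counts of what was received and what was sent for the duration of the closing period.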
