From 63f88b2b6e50acb3dd083d1ca55baec88021895e Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 17 Nov 2020 09:42:43 +1100 Subject: [PATCH 1/3] Discarding an invalid Initial is allowed But we managed to hide that in the security considerations. Closes #4350. --- draft-ietf-quic-transport.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 73bb26813a..cc68cf9f27 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3316,6 +3316,12 @@ contents of the packet and generate Initial packets that will be successfully authenticated at either endpoint. The AEAD also protects Initial packets against accidental modification. +As the AEAD on Initial packets does not provide strong authentication, an +endpoint MAY discard an invalid Initial packet. This is only possible if the +endpoint does not process the frames in the packet or reverts the effects of any +processing. This might be used to reduce exposure to denial of service; see +{{handshake-dos}}. + All other packets are protected with keys derived from the cryptographic handshake. The cryptographic handshake ensures that only the communicating endpoints receive the corresponding keys for Handshake, 0-RTT, and 1-RTT From 570ab07f134812e70b56a9c5900a1db98ba867ab Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 18 Nov 2020 11:11:06 +1100 Subject: [PATCH 2/3] This overrides other requirements Rather than enumerate all the ways in which processing rules might have exceptions for Initial packets, just include a blanket override here. --- draft-ietf-quic-transport.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index cc68cf9f27..9655d63318 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -3317,9 +3317,11 @@ authenticated at either endpoint. The AEAD also protects Initial packets against accidental modification. As the AEAD on Initial packets does not provide strong authentication, an -endpoint MAY discard an invalid Initial packet. This is only possible if the -endpoint does not process the frames in the packet or reverts the effects of any -processing. This might be used to reduce exposure to denial of service; see +endpoint MAY discard an invalid Initial packet. Discarding an Initial packet is +permitted even where this specification otherwise mandates a connection error. +An endpoint can only discard a packet if it does not process the frames in the +packet or reverts the effects of any processing. Discarding invalid Initial +packets might be used to reduce exposure to denial of service; see {{handshake-dos}}. All other packets are protected with keys derived from the cryptographic From 79e0514de77260009c7d25c945a4ec56266b259c Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 18 Nov 2020 11:27:47 +1100 Subject: [PATCH 3/3] Move to Connection Error section --- draft-ietf-quic-transport.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 9655d63318..84e380ecf9 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md 
@@ -3256,6 +3256,14 @@ frame risks a peer missing the first such packet. The only mechanism available to an endpoint that continues to receive data for a terminated connection is to use the stateless reset process ({{stateless-reset}}). +As the AEAD on Initial packets does not provide strong authentication, an +endpoint MAY discard an invalid Initial packet. Discarding an Initial packet is +permitted even where this specification otherwise mandates a connection error. +An endpoint can only discard a packet if it does not process the frames in the +packet or reverts the effects of any processing. Discarding invalid Initial +packets might be used to reduce exposure to denial of service; see +{{handshake-dos}}. + ## Stream Errors @@ -3316,14 +3324,6 @@ contents of the packet and generate Initial packets that will be successfully authenticated at either endpoint. The AEAD also protects Initial packets against accidental modification. -As the AEAD on Initial packets does not provide strong authentication, an -endpoint MAY discard an invalid Initial packet. Discarding an Initial packet is -permitted even where this specification otherwise mandates a connection error. -An endpoint can only discard a packet if it does not process the frames in the -packet or reverts the effects of any processing. Discarding invalid Initial -packets might be used to reduce exposure to denial of service; see -{{handshake-dos}}. - All other packets are protected with keys derived from the cryptographic handshake. The cryptographic handshake ensures that only the communicating endpoints receive the corresponding keys for Handshake, 0-RTT, and 1-RTT
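Review bot: In the @@ -3317 hunk of "This overrides other requirements", the added sentence "Discarding an Initial packet is permitted even where this specification otherwise mandates a connection error." drops the qualifier "invalid" that the sentence before it carries, so read on its own it grants permission to drop any Initial packet, which is broader than the blanket override the commit message describes. Suggest "Discarding an invalid Initial packet is permitted even where this specification otherwise mandates a connection error." so the exception stays tied to invalid packets only.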
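Review bot: In the @@ -3256 hunk of "Move to Connection Error section", the condition "An endpoint can only discard a packet if it does not process the frames in the packet or reverts the effects of any processing." leaves the practical ordering implicit: an implementation that applies each frame as it parses it can only meet the condition by rolling back connection state, which is the error-prone path. Suggest spelling out the simpler option, e.g. "An endpoint that intends to discard invalid Initial packets needs to validate every frame in the packet before processing any of them", and making clear that an endpoint which has already acted on a frame is still bound by the connection error the specification otherwise mandates.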
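Review bot: The removal hunk at @@ -3316 of "Move to Connection Error section" leaves the packet protection text jumping from "The AEAD also protects Initial packets against accidental modification." straight to "All other packets are protected with keys derived from the cryptographic handshake.", so a reader of that section no longer learns that the weak authentication of Initial packets is why an invalid one may be discarded instead of causing a connection error. Suggest leaving a one-sentence pointer in place of the removed paragraph, e.g. "An endpoint MAY discard an invalid Initial packet rather than treat it as a connection error; see the section on connection errors.", using the anchor of the section the paragraph was moved to, which the diff itself does not show.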