From a5306cd002484a5a002a2f3e42c075b283420b09 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 7 Jan 2021 14:29:50 +1100 Subject: [PATCH] Large enough is large enough Closes #4623. --- draft-ietf-quic-transport.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index f43916a0d4..943f134a0e 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -2151,9 +2151,9 @@ connection properties. ### Address Validation Token Integrity {#token-integrity} -An address validation token MUST be difficult to guess. Including a large -enough random value in the token would be sufficient, but this depends on the -server remembering the value it sends to clients. +An address validation token MUST be difficult to guess. Including a random +value with at least 128 bits of entropy in the token would be sufficient, but +this depends on the server remembering the value it sends to clients. A token-based scheme allows the server to offload any state associated with validation to the client. For this design to work, the token MUST be covered by
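Review bot: the new second sentence of the Address Validation Token Integrity paragraph gives "at least 128 bits of entropy" as sufficient, but the normative requirement in the sentence before it is still only "MUST be difficult to guess", so a reader cannot tell whether 128 bits is the floor that satisfies the MUST or just one example of meeting it. Consider tying the two together, for example by saying that difficult to guess means an attacker's chance of producing a valid token is no better than guessing a 128-bit random value. The same question carries into the unchanged context that follows: the stateless design, where "the token MUST be covered by" integrity protection, gets no comparable figure in this hunk, so it is worth confirming that the text after this point makes the equivalent strength expectation clear for that case. The subject line "Large enough is large enough" also reads as the opposite of the edit, which removes the phrase "large enough" in favour of a number; a subject that names the 128-bit bound would make the history easier to search.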