From ee7aa4857b1259e0924eaac451477b9bdaa78ca7 Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Tue, 12 Jan 2021 17:51:57 +1100 Subject: [PATCH] Condition deployment recommendation on BCP 38 This is already something we recommend separately, but this is a SHOULD and the extra is useful. Closes #4566. --- draft-ietf-quic-transport.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index e39aa7c870..4db85d2ef7 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -6950,8 +6950,8 @@ Because the migration attack described in {{request-forgery-with-spoofed-migration}} is quite powerful and does not have adequate countermeasures, QUIC server implementations should assume that attackers can cause them to generate arbitrary UDP payloads to arbitrary -destinations. QUIC servers SHOULD NOT be deployed in networks that also have -inadequately secured UDP endpoints. +destinations. QUIC servers SHOULD NOT be deployed in networks that do not deploy +ingress filtering {{!BCP38}} and also have inadequately secured UDP endpoints. Although it is not generally possible to ensure that clients are not co-located with vulnerable endpoints, this version of QUIC does not allow servers to