8.1.4. Address Validation Token Integrity
An address validation token MUST be difficult to guess. Including a random value with at least 128 bits of entropy in the token would be sufficient, but this depends on the server remembering the value it sends to clients.
What happened?
Xquic use ip address + expire time as token.
Steps To Reproduce
Read the code.
Relevant log output
No response