Open MikeBishop opened 4 months ago
mirjak
commented
2 months ago This is the same as migration and already specified in RFC9000. I think we should not specify the same thing in two document that's why we decided to add a reference to section 8 of RFC9000 instead.
MikeBishop
commented
2 months ago I agree that's the goal, but I don't agree that the existing pointer is detailed enough or in the right place to help implementers make the connection.
New paths aren't migration; we explicitly talk about what happens when an existing path migrates, and say that's separate from new paths being constructed. So we should clearly state that the Section 8 requirements for migration also apply to new path creation. I think it's fine for that to live in 10.2 and just be a little more explicit.
But I think we do implementers a disservice if we don't call out those requirements in context, specifically in Section 3.1:
To be clear, I think it's perfectly reasonable not to double-specify; I'd just like us to point to RFC9000 with a reminder of existing requirements to help people find them. I'm happy to write a PR; I think this would be a fairly small change.
huitema
commented
1 month ago I am trying to reconcile Mike's PR with the decision to allow path creation without an explicit challenge, see PR #442. We already have text making reference to RFC 9000. My proposal is to only take the part of #430 that updates the security section.
mirjak
commented
1 month ago @MikeBishop we merged #442. Can you confirm that this addressed the issue (and close it)? Thanks!
RFC 9000 requires that:
This draft states in the Security Considerations that "the anti-amplification limits as specified in Section 8 of [QUIC-TRANSPORT] need to be followed to limit the amplification risk." However, there's no text that describes how this maps into multipath behavior.
My proposal is that: