First flight size restriction about base-drafts HOT 6 CLOSED

I'm not sure how we could come up with a good one-size fits all limit. Different deployment environments may be more or less capable of generating amplification attacks. There are things we can do with the design of QUIC, such as add the ability to pair a connection id to a resumption token, to make these less practical.

from base-drafts.

Is this amplification any worse than TFO + TLS1.3?

from base-drafts.

To @ianswett's point, if there isn't a one-size fits all number, then we need a set of guidelines. I explicitly didn't say that we needed a number in the problem description for that reason.

Is this amplification any worse than TFO + TLS1.3?

I don't know, no one has deployed that yet and so we don't know what we can do with the first flight with TFO (in TLS 1.3 or any other protocol for that matter). I expect that whatever guideline/number we arrive at will probably apply there.

TFO has a really unsatisfactory response to this problem: https://tools.ietf.org/html/rfc7413#section-5.2 I guess that's what you get with experimental RFCs.

from base-drafts.

@martinthomson I don't think this is a problem with TFO being experimental, I think it's a problem with too few security people paying attention to TFO. Either ways, yeah, let's make sure we solve this problem well in QUIC.

from base-drafts.

Not going to disagree with that!

(I will disagree with the potential implication that security is the responsibility of security people, but I'm sure that was not what you intended.)

from base-drafts.

@martinthomson Yes, didn't mean to imply that. I don't consider myself a "security person" but I've been quite bothered by the wishy-washy security requirements around TFO.

from base-drafts.