
Anti-amplification limits

Open MikeBishop opened this issue 6 months ago • 3 comments

RFC 9000 requires that:

  • Datagrams carrying Initial packets be expanded to 1200+ bytes
  • Servers verify the client address on handshake and when the address changes through migration / rebinding
  • The server can send no more than 3x the received bytes until the client's address is validated, both during the handshake and following client migration / rebinding

This draft states in the Security Considerations that "the anti-amplification limits as specified in Section 8 of [QUIC-TRANSPORT] need to be followed to limit the amplification risk." However, there's no text that describes how this maps into multipath behavior.

My proposal is that:

  • The packet on a new path SHOULD be expanded to 1200+ bytes (PADDING, etc.) for the first 1 RTT or until validation completes
  • When a packet is received from an unverified address, an endpoint MUST NOT send more than 3x the received bytes until address validation completes

MikeBishop, Jul 25 '24 18:07
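The per-path accounting proposed in the issue above, as an added example that is not part of the issue, the draft, or any QUIC implementation. The class and function names are hypothetical, paths are keyed by remote address as an assumption, and the padding helper works on the plaintext frame payload, ignoring header and AEAD overhead.

```python
from dataclasses import dataclass

AMPLIFICATION_FACTOR = 3    # RFC 9000 Section 8: at most 3x the received bytes
MIN_PADDED_SIZE = 1200      # expansion size named in the issue


@dataclass
class PathState:
    bytes_received: int = 0
    bytes_sent: int = 0
    validated: bool = False

    def budget(self):
        """Bytes still sendable on this path; None means unlimited."""
        if self.validated:
            return None
        return AMPLIFICATION_FACTOR * self.bytes_received - self.bytes_sent


class MultipathAmplificationLimiter:
    """Hypothetical helper: one independent budget per remote address (path)."""

    def __init__(self):
        self.paths = {}

    def _path(self, addr):
        return self.paths.setdefault(addr, PathState())

    def on_datagram_received(self, addr, size):
        self._path(addr).bytes_received += size

    def on_path_validated(self, addr):
        self._path(addr).validated = True

    def try_send(self, addr, size):
        """Record and allow the datagram only if this path's budget covers it."""
        path = self._path(addr)
        budget = path.budget()
        if budget is not None and size > budget:
            return False  # blocked until more bytes arrive or validation completes
        path.bytes_sent += size
        return True


def pad_payload(payload: bytes) -> bytes:
    """Pad to 1200 bytes with PADDING frames (type 0x00); simplification, see lead-in."""
    return payload + b"\x00" * max(0, MIN_PADDED_SIZE - len(payload))
```

Validation of one path never raises the budget of another: bytes received on an already validated path do not count toward an unvalidated one.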