One thing leads to another. I am verifying that Picoquic conforms to draft 32, I see the text describing VN generation, and I start writing a unit test to check that the implementation does that. And then, it got me thinking.
I just opened https://github.com/quicwg/base-drafts/issues/4258, Request Forgery Attacks through Version Negotiation. Servers are building VN packets in response to packets with an unrecognized VN, copying in the response up to 255 bytes each from the DCID and SCID fields of the incoming packet. That seems much easier to exploit than the various avenues for Request Forgery Attacks listed in the transport draft. I think that at a minimum, the possibility of such attacks should be written in the security section of the invariant draft. -- Christian Huitema
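To make the concern in the message concrete, the following is an added example (my own, not Picoquic's code or text from the drafts) that builds a Version Negotiation packet the way the invariants draft lays it out (form bit, version 0, the two connection IDs with their roles swapped, then one 4-byte field per supported version) and reports how much of the server's reply is copied verbatim from the incoming packet. The version numbers, the 1200-byte `min_datagram` threshold below which no VN reply is sent, and the probe packets are assumptions constructed for the example, not behaviour taken from any implementation.

```python
import struct

# Layout of a Version Negotiation (VN) packet per the QUIC invariants draft:
# first byte with the long-header form bit set, version 0x00000000,
# DCID length + DCID, SCID length + SCID, then 4 bytes per supported version.
LONG_HEADER_FORM_BIT = 0x80
VN_VERSION = 0x00000000
MAX_CID_LEN = 255  # each connection ID length field is a single byte

# Constructed for the example: a version nobody supports and a server's
# (hypothetical) list of supported draft versions.
UNSUPPORTED_VERSION = 0xFFFFFFFF
SERVER_VERSIONS = [0xFF000020, 0xFF00001F, 0xFF00001E]


def parse_long_header(datagram: bytes):
    """Return (version, dcid, scid) from a long-header packet; raise ValueError if malformed."""
    if len(datagram) < 7 or not datagram[0] & LONG_HEADER_FORM_BIT:
        raise ValueError("not a long-header packet")
    version = struct.unpack("!I", datagram[1:5])[0]
    dcid_len = datagram[5]
    pos = 6
    dcid = datagram[pos:pos + dcid_len]
    pos += dcid_len
    if len(dcid) != dcid_len or pos >= len(datagram):
        raise ValueError("truncated DCID")
    scid_len = datagram[pos]
    pos += 1
    scid = datagram[pos:pos + scid_len]
    if len(scid) != scid_len:
        raise ValueError("truncated SCID")
    return version, dcid, scid


def build_vn_packet(incoming_dcid: bytes, incoming_scid: bytes, versions) -> bytes:
    """Build the VN reply: the sender's SCID becomes our DCID and its DCID becomes our SCID."""
    out = bytearray([LONG_HEADER_FORM_BIT])  # remaining bits of the first byte are unused
    out += struct.pack("!I", VN_VERSION)
    out.append(len(incoming_scid))
    out += incoming_scid
    out.append(len(incoming_dcid))
    out += incoming_dcid
    for v in versions:
        out += struct.pack("!I", v)
    return bytes(out)


def vn_response_profile(datagram: bytes, versions=SERVER_VERSIONS, min_datagram=1200):
    """Describe the VN reply a server would emit toward the datagram's source address.

    response_len: bytes the server would send (0 if it stays silent)
    echoed_bytes: bytes of that reply copied verbatim from the sender's two CID fields
    ratio: response size divided by request size
    min_datagram is an assumed policy: no VN reply for datagrams shorter than it.
    """
    version, dcid, scid = parse_long_header(datagram)
    if version in versions:
        return {"response_len": 0, "echoed_bytes": 0, "ratio": 0.0, "reason": "version supported"}
    if len(datagram) < min_datagram:
        return {"response_len": 0, "echoed_bytes": 0, "ratio": 0.0, "reason": "below minimum size"}
    vn = build_vn_packet(dcid, scid, versions)
    return {
        "response_len": len(vn),
        "echoed_bytes": len(dcid) + len(scid),
        "ratio": len(vn) / len(datagram),
        "reason": "vn sent",
    }


def make_probe(version: int, dcid: bytes, scid: bytes, pad_to: int = 0) -> bytes:
    """Constructed long-header packet carrying the given CIDs, zero-padded up to pad_to bytes."""
    pkt = bytearray([LONG_HEADER_FORM_BIT]) + struct.pack("!I", version)
    pkt.append(len(dcid))
    pkt += dcid
    pkt.append(len(scid))
    pkt += scid
    pkt += bytes(max(0, pad_to - len(pkt)))
    return bytes(pkt)


if __name__ == "__main__":
    # Maximum-length CIDs: 1 + 4 + 1 + 255 + 1 + 255 = 517 bytes of request.
    probe = make_probe(UNSUPPORTED_VERSION, b"D" * MAX_CID_LEN, b"S" * MAX_CID_LEN)
    print("no size check:", vn_response_profile(probe, min_datagram=0))
    print("1200-byte check:", vn_response_profile(probe))
    print("padded probe:", vn_response_profile(make_probe(UNSUPPORTED_VERSION, b"D" * 255, b"S" * 255, 1200)))
```

With no size check, the 517-byte probe draws a 529-byte reply of which 510 bytes are the sender's own CID bytes; with the assumed 1200-byte threshold the same probe gets nothing, and a padded probe still yields a reply smaller than the request, so the server never amplifies and only emits sender-chosen bytes to a source that could at least afford a full-size datagram.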
