On Wed, Jul 28, 2021, at 11:55, Christian Huitema wrote:

> [...] reuse one of the NEW TOKENS as Initial CID, [...]

Are you talking about NEW_CONNECTION_ID here? If you are talking about the client taking a connection ID from an old connection and using that when establishing a new connection, that's an interesting choice. I don't think it works because it undermines the return routability check for the subsequent connection. The server now knows what the connection ID might be. I can't think of an exploit for that given that the server has already demonstrated that it is on path, but we do pretty much say that the connection ID can't be predictable like that, and there are no firm requirements that the subsequent connection attempt follow the same network path in any way.

I had assumed that the load balancer would be able to identify an Initial and then route based on the Token field in that packet, rather than the connection ID. Maybe that's too complicated, but it is something that could be used without protocol modifications.
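The token-based routing suggested at the end of the reply above, as an added example that is not code from the QUIC drafts, any load balancer, or either correspondent: it walks the Initial long header far enough to extract the Token field, and the backend choice assumes a hypothetical token layout in which the first byte names the issuing backend.

```python
# Added example for this thread (not code from the QUIC drafts or any load
# balancer): pull the fields a balancer could route on out of a QUIC v1
# Initial packet, per RFC 9000 section 17.2.2. Sample bytes are constructed.

def read_varint(buf: bytes, pos: int):
    """Decode an RFC 9000 variable-length integer starting at buf[pos]."""
    length = 1 << (buf[pos] >> 6)  # top two bits select 1, 2, 4 or 8 bytes
    if pos + length > len(buf):
        raise ValueError("truncated varint")
    value = buf[pos] & 0x3F
    for b in buf[pos + 1:pos + length]:
        value = (value << 8) | b
    return value, pos + length

def parse_initial(pkt: bytes):
    """Return (version, dcid, scid, token) for a v1 Initial, else None."""
    if len(pkt) < 7 or pkt[0] & 0xC0 != 0xC0:  # long header with fixed bit
        return None
    version = int.from_bytes(pkt[1:5], "big")
    # Type bits 0b00 mean Initial in v1 only; QUIC v2 uses another mapping.
    if version != 1 or (pkt[0] >> 4) & 0x3 != 0:
        return None
    pos = 5
    dcid_len, pos = pkt[pos], pos + 1
    dcid, pos = pkt[pos:pos + dcid_len], pos + dcid_len
    if pos >= len(pkt) or len(dcid) != dcid_len:
        raise ValueError("truncated DCID")
    scid_len, pos = pkt[pos], pos + 1
    scid, pos = pkt[pos:pos + scid_len], pos + scid_len
    if len(scid) != scid_len or pos >= len(pkt):
        raise ValueError("truncated SCID")
    token_len, pos = read_varint(pkt, pos)
    token = pkt[pos:pos + token_len]
    if len(token) != token_len:
        raise ValueError("truncated token")
    return version, dcid, scid, token

def route_initial(pkt: bytes, backend_count: int):
    """Route on the token instead of the DCID. Assumes a hypothetical token
    layout whose first byte is the issuing backend's index; returns None when
    there is no usable token so the caller can fall back to DCID routing."""
    parsed = parse_initial(pkt)
    if parsed is None or not parsed[3]:
        return None
    return parsed[3][0] % backend_count

# Constructed sample: v1 Initial, 8-byte DCID, empty SCID, 5-byte token
# (first byte 0x02), then a 2-byte varint Length and a dummy payload.
SAMPLE_INITIAL = (bytes([0xC3, 0, 0, 0, 1, 8]) + bytes.fromhex("8394c8f03e515708")
                  + b"\x00\x05" + b"\x02abcd" + b"\x40\x10" + bytes(16))
```

A real deployment would authenticate the token before trusting its contents; here the point is only that the Initial packet exposes the token in the clear, so a balancer can read it without any change to the protocol.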
