target = "https://www.rfc-editor.org/rfc/rfc9000#section-10.3"

# 10.3.  Stateless Reset
#
# A stateless reset is provided as an option of last resort for an
# endpoint that does not have access to the state of a connection.  A
# crash or outage might result in peers continuing to send data to an
# endpoint that is unable to properly continue the connection.  An
# endpoint MAY send a Stateless Reset in response to receiving a packet
# that it cannot associate with an active connection.
# 
# A stateless reset is not appropriate for indicating errors in active
# connections.  An endpoint that wishes to communicate a fatal
# connection error MUST use a CONNECTION_CLOSE frame if it is able.
# 
# To support this process, an endpoint issues a stateless reset token,
# which is a 16-byte value that is hard to guess.  If the peer
# subsequently receives a Stateless Reset, which is a UDP datagram that
# ends in that stateless reset token, the peer will immediately end the
# connection.
# 
# A stateless reset token is specific to a connection ID.  An endpoint
# issues a stateless reset token by including the value in the
# Stateless Reset Token field of a NEW_CONNECTION_ID frame.  Servers
# can also issue a stateless_reset_token transport parameter during the
# handshake that applies to the connection ID that it selected during
# the handshake.  These exchanges are protected by encryption, so only
# client and server know their value.  Note that clients cannot use the
# stateless_reset_token transport parameter because their transport
# parameters do not have confidentiality protection.
# 
# Tokens are invalidated when their associated connection ID is retired
# via a RETIRE_CONNECTION_ID frame (Section 19.16).
# 
# An endpoint that receives packets that it cannot process sends a
# packet in the following layout (see Section 1.3):
# 
# Stateless Reset {
#   Fixed Bits (2) = 1,
#   Unpredictable Bits (38..),
#   Stateless Reset Token (128),
# }
# 
#                       Figure 10: Stateless Reset
# 
# This design ensures that a Stateless Reset is -- to the extent
# possible -- indistinguishable from a regular packet with a short
# header.
# 
# A Stateless Reset uses an entire UDP datagram, starting with the
# first two bits of the packet header.  The remainder of the first byte
# and an arbitrary number of bytes following it are set to values that
# SHOULD be indistinguishable from random.  The last 16 bytes of the
# datagram contain a stateless reset token.
# 
# To entities other than its intended recipient, a Stateless Reset will
# appear to be a packet with a short header.  For the Stateless Reset
# to appear as a valid QUIC packet, the Unpredictable Bits field needs
# to include at least 38 bits of data (or 5 bytes, less the two fixed
# bits).
# 
# The resulting minimum size of 21 bytes does not guarantee that a
# Stateless Reset is difficult to distinguish from other packets if the
# recipient requires the use of a connection ID.  To achieve that end,
# the endpoint SHOULD ensure that all packets it sends are at least 22
# bytes longer than the minimum connection ID length that it requests
# the peer to include in its packets, adding PADDING frames as
# necessary.  This ensures that any Stateless Reset sent by the peer is
# indistinguishable from a valid packet sent to the endpoint.  An
# endpoint that sends a Stateless Reset in response to a packet that is
# 43 bytes or shorter SHOULD send a Stateless Reset that is one byte
# shorter than the packet it responds to.
# 
# These values assume that the stateless reset token is the same length
# as the minimum expansion of the packet protection AEAD.  Additional
# unpredictable bytes are necessary if the endpoint could have
# negotiated a packet protection scheme with a larger minimum
# expansion.
# 
# An endpoint MUST NOT send a Stateless Reset that is three times or
# more larger than the packet it receives to avoid being used for
# amplification.  Section 10.3.3 describes additional limits on
# Stateless Reset size.
# 
# Endpoints MUST discard packets that are too small to be valid QUIC
# packets.  To give an example, with the set of AEAD functions defined
# in [QUIC-TLS], short header packets that are smaller than 21 bytes
# are never valid.
# 
# Endpoints MUST send Stateless Resets formatted as a packet with a
# short header.  However, endpoints MUST treat any packet ending in a
# valid stateless reset token as a Stateless Reset, as other QUIC
# versions might allow the use of a long header.
# 
# An endpoint MAY send a Stateless Reset in response to a packet with a
# long header.  Sending a Stateless Reset is not effective prior to the
# stateless reset token being available to a peer.  In this QUIC
# version, packets with a long header are only used during connection
# establishment.  Because the stateless reset token is not available
# until connection establishment is complete or near completion,
# ignoring an unknown packet with a long header might be as effective
# as sending a Stateless Reset.
# 
# An endpoint cannot determine the Source Connection ID from a packet
# with a short header; therefore, it cannot set the Destination
# Connection ID in the Stateless Reset.  The Destination Connection ID
# will therefore differ from the value used in previous packets.  A
# random Destination Connection ID makes the connection ID appear to be
# the result of moving to a new connection ID that was provided using a
# NEW_CONNECTION_ID frame; see Section 19.15.
# 
# Using a randomized connection ID results in two problems:
# 
# *  The packet might not reach the peer.  If the Destination
#    Connection ID is critical for routing toward the peer, then this
#    packet could be incorrectly routed.  This might also trigger
#    another Stateless Reset in response; see Section 10.3.3.  A
#    Stateless Reset that is not correctly routed is an ineffective
#    error detection and recovery mechanism.  In this case, endpoints
#    will need to rely on other methods -- such as timers -- to detect
#    that the connection has failed.
# 
# *  The randomly generated connection ID can be used by entities other
#    than the peer to identify this as a potential Stateless Reset.  An
#    endpoint that occasionally uses different connection IDs might
#    introduce some uncertainty about this.
# 
# This stateless reset design is specific to QUIC version 1.  An
# endpoint that supports multiple versions of QUIC needs to generate a
# Stateless Reset that will be accepted by peers that support any
# version that the endpoint might support (or might have supported
# prior to losing state).  Designers of new versions of QUIC need to be
# aware of this and either (1) reuse this design or (2) use a portion
# of the packet other than the last 16 bytes for carrying data.

[[spec]]
level = "MAY"
quote = '''
An
endpoint MAY send a Stateless Reset in response to receiving a packet
that it cannot associate with an active connection.
'''

[[spec]]
level = "MUST"
quote = '''
An endpoint that wishes to communicate a fatal
connection error MUST use a CONNECTION_CLOSE frame if it is able.
'''

[[spec]]
level = "SHOULD"
quote = '''
The remainder of the first byte
and an arbitrary number of bytes following it are set to values that
SHOULD be indistinguishable from random.
'''

[[spec]]
level = "SHOULD"
quote = '''
To achieve that end,
the endpoint SHOULD ensure that all packets it sends are at least 22
bytes longer than the minimum connection ID length that it requests
the peer to include in its packets, adding PADDING frames as
necessary.
'''

[[spec]]
level = "SHOULD"
quote = '''
An
endpoint that sends a Stateless Reset in response to a packet that is
43 bytes or shorter SHOULD send a Stateless Reset that is one byte
shorter than the packet it responds to.
'''

[[spec]]
level = "MUST"
quote = '''
An endpoint MUST NOT send a Stateless Reset that is three times or
more larger than the packet it receives to avoid being used for
amplification.
'''

[[spec]]
level = "MUST"
quote = '''
Endpoints MUST discard packets that are too small to be valid QUIC
packets.
'''

[[spec]]
level = "MUST"
quote = '''
Endpoints MUST send Stateless Resets formatted as a packet with a
short header.
'''

[[spec]]
level = "MUST"
quote = '''
However, endpoints MUST treat any packet ending in a
valid stateless reset token as a Stateless Reset, as other QUIC
versions might allow the use of a long header.
'''

[[spec]]
level = "MAY"
quote = '''
An endpoint MAY send a Stateless Reset in response to a packet with a
long header.
'''