target = "https://www.rfc-editor.org/rfc/rfc9000#section-13.4.2.1"

# 13.4.2.1.  Receiving ACK Frames with ECN Counts
#
# Erroneous application of ECN-CE markings by the network can result in
# degraded connection performance.  An endpoint that receives an ACK
# frame with ECN counts therefore validates the counts before using
# them.  It performs this validation by comparing newly received counts
# against those from the last successfully processed ACK frame.  Any
# increase in the ECN counts is validated based on the ECN markings
# that were applied to packets that are newly acknowledged in the ACK
# frame.
# 
# If an ACK frame newly acknowledges a packet that the endpoint sent
# with either the ECT(0) or ECT(1) codepoint set, ECN validation fails
# if the corresponding ECN counts are not present in the ACK frame.
# This check detects a network element that zeroes the ECN field or a
# peer that does not report ECN markings.
# 
# ECN validation also fails if the sum of the increase in ECT(0) and
# ECN-CE counts is less than the number of newly acknowledged packets
# that were originally sent with an ECT(0) marking.  Similarly, ECN
# validation fails if the sum of the increases to ECT(1) and ECN-CE
# counts is less than the number of newly acknowledged packets sent
# with an ECT(1) marking.  These checks can detect remarking of ECN-CE
# markings by the network.
# 
# An endpoint could miss acknowledgments for a packet when ACK frames
# are lost.  It is therefore possible for the total increase in ECT(0),
# ECT(1), and ECN-CE counts to be greater than the number of packets
# that are newly acknowledged by an ACK frame.  This is why ECN counts
# are permitted to be larger than the total number of packets that are
# acknowledged.
# 
# Validating ECN counts from reordered ACK frames can result in
# failure.  An endpoint MUST NOT fail ECN validation as a result of
# processing an ACK frame that does not increase the largest
# acknowledged packet number.
# 
# ECN validation can fail if the received total count for either ECT(0)
# or ECT(1) exceeds the total number of packets sent with each
# corresponding ECT codepoint.  In particular, validation will fail
# when an endpoint receives a non-zero ECN count corresponding to an
# ECT codepoint that it never applied.  This check detects when packets
# are remarked to ECT(0) or ECT(1) in the network.

[[spec]]
level = "MUST"
quote = '''
An endpoint MUST NOT fail ECN validation as a result of
processing an ACK frame that does not increase the largest
acknowledged packet number.
'''