target = "https://www.rfc-editor.org/rfc/rfc9000#section-17.2.5.2"

# 17.2.5.2.  Handling a Retry Packet
#
# A client MUST accept and process at most one Retry packet for each
# connection attempt.  After the client has received and processed an
# Initial or Retry packet from the server, it MUST discard any
# subsequent Retry packets that it receives.
# 
# Clients MUST discard Retry packets that have a Retry Integrity Tag
# that cannot be validated; see Section 5.8 of [QUIC-TLS].  This
# diminishes an attacker's ability to inject a Retry packet and
# protects against accidental corruption of Retry packets.  A client
# MUST discard a Retry packet with a zero-length Retry Token field.
# 
# The client responds to a Retry packet with an Initial packet that
# includes the provided Retry token to continue connection
# establishment.
# 
# A client sets the Destination Connection ID field of this Initial
# packet to the value from the Source Connection ID field in the Retry
# packet.  Changing the Destination Connection ID field also results in
# a change to the keys used to protect the Initial packet.  It also
# sets the Token field to the token provided in the Retry packet.  The
# client MUST NOT change the Source Connection ID because the server
# could include the connection ID as part of its token validation
# logic; see Section 8.1.4.
# 
# A Retry packet does not include a packet number and cannot be
# explicitly acknowledged by a client.

[[spec]]
level = "MUST"
quote = '''
A client MUST accept and process at most one Retry packet for each
connection attempt.
'''

[[spec]]
level = "MUST"
quote = '''
After the client has received and processed an
Initial or Retry packet from the server, it MUST discard any
subsequent Retry packets that it receives.
'''

[[spec]]
level = "MUST"
quote = '''
Clients MUST discard Retry packets that have a Retry Integrity Tag
that cannot be validated; see Section 5.8 of [QUIC-TLS].
'''

[[spec]]
level = "MUST"
quote = '''
A client
MUST discard a Retry packet with a zero-length Retry Token field.
'''

[[spec]]
level = "MUST"
quote = '''
The
client MUST NOT change the Source Connection ID because the server
could include the connection ID as part of its token validation
logic; see Section 8.1.4.
'''