target = "https://www.rfc-editor.org/rfc/rfc9000#section-9.3"

# 9.3.  Responding to Connection Migration
#
# Receiving a packet from a new peer address containing a non-probing
# frame indicates that the peer has migrated to that address.
# 
# If the recipient permits the migration, it MUST send subsequent
# packets to the new peer address and MUST initiate path validation
# (Section 8.2) to verify the peer's ownership of the address if
# validation is not already underway.  If the recipient has no unused
# connection IDs from the peer, it will not be able to send anything on
# the new path until the peer provides one; see Section 9.5.
# 
# An endpoint only changes the address to which it sends packets in
# response to the highest-numbered non-probing packet.  This ensures
# that an endpoint does not send packets to an old peer address in the
# case that it receives reordered packets.
# 
# An endpoint MAY send data to an unvalidated peer address, but it MUST
# protect against potential attacks as described in Sections 9.3.1 and
# 9.3.2.  An endpoint MAY skip validation of a peer address if that
# address has been seen recently.  In particular, if an endpoint
# returns to a previously validated path after detecting some form of
# spurious migration, skipping address validation and restoring loss
# detection and congestion state can reduce the performance impact of
# the attack.
# 
# After changing the address to which it sends non-probing packets, an
# endpoint can abandon any path validation for other addresses.
# 
# Receiving a packet from a new peer address could be the result of a
# NAT rebinding at the peer.
# 
# After verifying a new client address, the server SHOULD send new
# address validation tokens (Section 8) to the client.

[[spec]]
level = "MUST"
quote = '''
If the recipient permits the migration, it MUST send subsequent
packets to the new peer address and MUST initiate path validation
(Section 8.2) to verify the peer's ownership of the address if
validation is not already underway.
'''

[[spec]]
level = "MUST"
quote = '''
If the recipient permits the migration, it MUST send subsequent
packets to the new peer address and MUST initiate path validation
(Section 8.2) to verify the peer's ownership of the address if
validation is not already underway.
'''

[[spec]]
level = "MUST"
quote = '''
An endpoint MAY send data to an unvalidated peer address, but it MUST
protect against potential attacks as described in Sections 9.3.1 and
9.3.2.
'''

[[spec]]
level = "MAY"
quote = '''
An endpoint MAY skip validation of a peer address if that
address has been seen recently.
'''

[[spec]]
level = "SHOULD"
quote = '''
After verifying a new client address, the server SHOULD send new
address validation tokens (Section 8) to the client.
'''