# Requirements extracted from RFC 8446 (TLS 1.3), section 4.2.2 "Cookie".
# The section text is reproduced in the comment block that follows; each
# [[spec]] table quotes one requirement from it together with its level.
target = "https://tools.ietf.org/rfc/rfc8446#4.2.2"

# 4.2.2.  Cookie
#
#    struct {
#        opaque cookie<1..2^16-1>;
#    } Cookie;
# 
# Cookies serve two primary purposes:
# 
# -  Allowing the server to force the client to demonstrate
#    reachability at their apparent network address (thus providing a
#    measure of DoS protection).  This is primarily useful for
#    non-connection-oriented transports (see [RFC6347] for an example
#    of this).
# 
# -  Allowing the server to offload state to the client, thus allowing
#    it to send a HelloRetryRequest without storing any state.  The
#    server can do this by storing the hash of the ClientHello in the
#    HelloRetryRequest cookie (protected with some suitable integrity
#    protection algorithm).
# 
# When sending a HelloRetryRequest, the server MAY provide a "cookie"
# extension to the client (this is an exception to the usual rule that
# the only extensions that may be sent are those that appear in the
# ClientHello).  When sending the new ClientHello, the client MUST copy
# the contents of the extension received in the HelloRetryRequest into
# a "cookie" extension in the new ClientHello.  Clients MUST NOT use
# cookies in their initial ClientHello in subsequent connections.
# 
# When a server is operating statelessly, it may receive an unprotected
# record of type change_cipher_spec between the first and second
# ClientHello (see Section 5).  Since the server is not storing any
# state, this will appear as if it were the first message to be
# received.  Servers operating statelessly MUST ignore these records.

# Server side, optional. "cookie" is the stated exception to the rule that a
# server only sends extensions the client offered, so a client-side check that
# rejects unsolicited HelloRetryRequest extensions has to exempt it.
# NOTE(review): section 4.2.2 also says a cookie carrying offloaded state (the
# ClientHello hash) is protected with an integrity protection algorithm. That
# sentence has no MUST/SHOULD keyword and so has no [[spec]] entry here;
# confirm it is covered elsewhere.
[[spec]]
level = "MAY"
quote = '''
When sending a HelloRetryRequest, the server MAY provide a "cookie"
extension to the client (this is an exception to the usual rule that
the only extensions that may be sent are those that appear in the
ClientHello).
'''

# Client side. The cookie is declared as opaque cookie<1..2^16-1>, so the
# client copies the received bytes into the second ClientHello as they are.
# Tests for this requirement should cover both ends of the declared length
# range (1 byte and 65535 bytes).
[[spec]]
level = "MUST"
quote = '''
When sending the new ClientHello, the client MUST copy
the contents of the extension received in the HelloRetryRequest into
a "cookie" extension in the new ClientHello.
'''

# Client side. A cookie received in one connection must not be sent in the
# first ClientHello of a later connection.
# NOTE(review): the quoted requirement is a prohibition (MUST NOT) while
# level is "MUST"; presumably level records requirement strength only.
# Confirm against the consuming tool's level vocabulary.
[[spec]]
level = "MUST"
quote = '''
Clients MUST NOT use
cookies in their initial ClientHello in subsequent connections.
'''

# Server side, stateless operation only. "these records" has its antecedent in
# the preceding sentences of section 4.2.2, which the quote omits: unprotected
# change_cipher_spec records received between the first and second ClientHello.
# A stateless server keeps nothing from the first ClientHello, so such a record
# looks like the first message received. The ignore logic therefore cannot rely
# on stored handshake state.
[[spec]]
level = "MUST"
quote = '''
Servers operating statelessly MUST ignore these records.
'''