weixin_39638105
weixin_39638105
2020-12-29 23:42

Cleartext integrity as version independent

making the cleartext integrity checksum version independent would prevent a lot of version negotiation packets from being generated based on receipt of non-quic (and make it harder to use that as an amplification vector?)

该提问来源于开源项目:quicwg/base-drafts

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • weixin_39646725 weixin_39646725 4月前

    If version negotiation is amplifying, something is badly wrong.

    I believe that version negotiation should only be generated for packets that exceed a certain size (because the only packet that it makes sense to send version negotiation in response to is an initial client packet and those are guaranteed to be pretty big). That is, for some version of a guarantee and some version of big. Note however that we don't have that written down (or even agreed).

    As for being able to distinguish noise from QUIC, that's a good reason. We should discuss that.

    点赞 评论 复制链接分享
  • weixin_39638105 weixin_39638105 4月前

    re: amp - that's a versioning guarantee thing again.. a v1 initial client packet is pretty big.. but a >1 packet received by a v1 server? we have very few rules about the future.. maybe we need a few.

    点赞 评论 复制链接分享
  • weixin_39646725 weixin_39646725 4月前

    Yes, some constraints on future flexibility seem wise, as long as we can keep it light.

    点赞 评论 复制链接分享
  • weixin_39646725 weixin_39646725 4月前

    I think that we resolved this with invariants and #724. , explain and reopen if you disagree.

    点赞 评论 复制链接分享

相关推荐