IETF Logo Mail Archive

Re: [Masque] Forwarded Mode infinite loops

Martin Duke <martin.h.duke@gmail.com> Tue, 24 October 2023 16:57 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70E95C14CE31 for <masque@ietfa.amsl.com>; Tue, 24 Oct 2023 09:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sstoNGF8745l for <masque@ietfa.amsl.com>; Tue, 24 Oct 2023 09:57:48 -0700 (PDT)
Received: from mail-vs1-xe2e.google.com (mail-vs1-xe2e.google.com [IPv6:2607:f8b0:4864:20::e2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2742EC14CEFD for <masque@ietf.org>; Tue, 24 Oct 2023 09:57:43 -0700 (PDT)
Received: by mail-vs1-xe2e.google.com with SMTP id ada2fe7eead31-457cb7f53afso1809608137.3 for <masque@ietf.org>; Tue, 24 Oct 2023 09:57:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698166662; x=1698771462; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CGyM3NYQ8MyteUII8dL8uH2kJrn1G663secrQzLHX8o=; b=J4At4JbX4lE34vNbWl//w9N25FVosxAEOvBSxCrfhA9gT02NnhzGJO80USEhNcMFG7 WJ/b1dsddGNoomstNYAknJzeVDGPJUEFuaUHbYV2g9TcSPtf/o8dBlsgxdJB906ks1qU hsIXchHDgzJa87jDUjES5X5D05e2Wxc9d8R1ZSuAUTU1rHVAliAuxoMwi7voNyYcqC3l NcfEvDQy0ikOF09EWka2JlHjBIohRqKGWnSXvt/gRj/E5RZk077hdbLggjxtLXuwCYJa LGdoG+j0Qi8NNKMN7ypcVIlCFnQHrCGbCtiU3nZpqt6zpBTXQY6UCxHrhEpqRu8sD2Ty P5vQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698166662; x=1698771462; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CGyM3NYQ8MyteUII8dL8uH2kJrn1G663secrQzLHX8o=; b=wBhObBTy4IfqnIEnkmmAKSzZXvEjKXE3aD2E5Z2jUDj1/VEEdu+BaExSIFIZgj1M3a STAm4bOc9NlFqyuvLnjmT7WehV8wo3m52kDOQQsnF/UT19UtEAhi9H/vEFjScw1VyIFj aaCxPqXxeMLXyuGQeoJtJS0dz09X8RREEGRgPXyiFTBDm+lppwXNRRIKFMGZzwAM83RG ICPwZajT9hfqiUYbiey1j+3UiaG1DJ34OFW5nFp+wItXaRJF1jHOb6TPFURcJjPFLm2v mGl/fPN6pQzqS2jiangr4V+D//1sppWReI4SZF6Ls3EMH9plv1Y3QwJd4kH644O0GAQF D4OA==
X-Gm-Message-State: AOJu0YyJwhDhX0bYQ9xXNXT+QZG5kRW6S6s0KrPnj0/tvi1vLbabwBgV iOq5fgi/vFKMDDtb/FtkqwGBl2UJo4B+pMg7az0=
X-Google-Smtp-Source: AGHT+IGfMCb0arZZFzB/5u74nvN4p1SE1R2cjRaLG727h2U/TE7mnOX0zkTiHs3UrMBhhp/2wQ3Nb8ADOOQgKME0JY4=
X-Received: by 2002:a67:c09e:0:b0:457:d97a:4553 with SMTP id x30-20020a67c09e000000b00457d97a4553mr12195061vsi.25.1698166661476; Tue, 24 Oct 2023 09:57:41 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRzTu=njLp7Uk=4AvObxD5j0FG1fQHKtoyDGFWF7q1jdg@mail.gmail.com> <BN8PR15MB3281FF073C549E3A39DD087BB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com> <CAM4esxRKTNdGBpiO5_s33UikPnSG54K1dNKYua6_ca3f4jE2=A@mail.gmail.com> <BN8PR15MB32817A645AB33154DE9ACFFEB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com> <CAM4esxSMEtExuW0WewKCjz3Xc+_pe7czdx_gRcqe7uqZJ8B8Rw@mail.gmail.com> <CAM4esxQf6T7G8TWLcKsF0=cEyvndN2HHK+D4s8EvOF+Z=gXbMQ@mail.gmail.com> <CAM4esxTwkE1wHwFuLDLx8h5qzRtWTFhfQgWgteWPSoTeEuQQuA@mail.gmail.com> <CAPDSy+7cPETw-CEd910AodgV3ADJuFsfDRi3FAxyY=pYVRoc-Q@mail.gmail.com> <CAM4esxShEYAgZ-LhVSPtdaajiAhRx99tj0ef-t+AmJGBiHMOOA@mail.gmail.com> <34F58C3B-7677-4974-8AB9-CDF011EABA1B@apple.com> <CAKcm_gNUriekTx7WdmD4yjrRABecvXLvyqr+wPdfOLYaS1RRww@mail.gmail.com>
In-Reply-To: <CAKcm_gNUriekTx7WdmD4yjrRABecvXLvyqr+wPdfOLYaS1RRww@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Tue, 24 Oct 2023 09:57:29 -0700
Message-ID: <CAM4esxQamgoBTKVnJ6XCxgKqmYCkyKa0=MuzjMhvMvVDYa0f-Q@mail.gmail.com>
To: Ian Swett <ianswett@google.com>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a07b110608793c04"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/W9IvU8jC4D4oOoRnQarQOzII6e0>
Subject: Re: [Masque] Forwarded Mode infinite loops
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 16:57:49 -0000

That's a good question!

IIUC, CONNECT-IP does decrement the TTL, but CONNECT-UDP does not because
it is not preserving the IP header (The CONNECT-IP draft mentions TTL and
CONNECT-UDP does not). The quic-proxy draft doesn't say anything about
this, so I imagine that rule still applies.

On Tue, Oct 24, 2023 at 6:43 AM Ian Swett <ianswett@google.com> wrote:

> I assume each hop would decrement the TTL?  If so, wouldn't this be a
> loop, but not infinite?
>
> Ian
>
> On Mon, Oct 23, 2023, 11:01 PM Tommy Pauly <tpauly=
> 40apple.com@dmarc.ietf.org> wrote:
>
>> It was useful for me to draw this out in (unnecessary) detail to show how
>> this only needs the ingress IP to be shared, not the egress IP.
>>
>> To help go through this, let me fill in the example you gave with more
>> details about IPs and ports — since the forwarding mappings depend on these
>> “sockets”.
>>
>> Let’s start with a case where the addresses aren’t being shared.
>>
>> *C *has address 1111::1
>> *P1* has ingress address 2222::2, and egress address 3333::3
>> *P2* has ingress address 4444::4, and egress address 5555::5
>> *P3* has ingress address 6666::6, and egress address 7777::7
>> *T* has ingress address 8888::8
>>
>> *C *is set up to receive CID4 on 1111::1 port 10000 from 2222::2 port 443
>> *P1 *is set up to receive CID3 on 3333::3 port 20000 from 4444::4 port
>> 443, and forward it as CID4 to 1111::1 port 10000 from 2222::2 port 443
>> *P2 *is set up to receive CID2 on 5555::5 port 30000 from 2222::2 port
>> 443, and forward it as CID3 to 3333::3 port 20000 from 4444::4 port 443
>> *P1 *is set up to receive CID1 on 3333::3 port 40000 from 6666::6 port
>> 443, and forward it as CID2 to 5555::5 port 30000 from 2222::2 port 443
>> *P3 *is set up to receive CID0 on 7777::7 port 50000 from 8888::8 port
>> 443, and forward it as CID1 to 3333::3 port 40000 from 6666::6 port 443
>> *T *sends using CID0 to 7777::7 port 50000 from 8888::8 port 443
>>
>> In this case, since there is no address sharing, if the client tells *P2* to
>> instead map from (CID2 on 5555::5 port 30000 from 2222::2 port 443) to (CID1
>> to 3333::3 port 20000 from 4444::4 port 443), the connection will break,
>> but there will be no loop, since *P1* won’t allow receiving CID1 on that
>> socket.
>>
>>
>> Then, let’s explore the case of shared addresses. If we only have P2 and
>> P3 share an ingress VIP, and P1 reuses sockets on egress, we have the
>> following:
>>
>> *C *has address 1111::1
>> *P1* has ingress address 2222::2, and egress address 3333::3
>> *P2* has ingress address 4444::4, and egress address 5555::5
>> *P3* has ingress address 4444::4, and egress address 7777::7
>> *T* has ingress address 8888::8
>>
>> *C *is set up to receive CID4 on 1111::1 port 10000 from 2222::2 port 443
>> *P1 *is set up to receive CID3 on 3333::3 port 20000 from 4444::4 port
>> 443, and forward it as CID4 to 1111::1 port 10000 from 2222::2 port 443
>> *P2 *is set up to receive CID2 on 5555::5 port 30000 from 2222::2 port
>> 443, and forward it as CID3 to 3333::3 port 20000 from 4444::4 port 443
>> *P1 *is set up to receive CID1 on 3333::3 port 20000 from 4444::4 port
>> 443, and forward it as CID2 to 5555::5 port 30000 from 2222::2 port 443
>> *P3 *is set up to receive CID0 on 7777::7 port 50000 from 8888::8 port
>> 443, and forward it as CID1 to 3333::3 port 20000 from 4444::4 port 443
>> *T *sends using CID0 to 7777::7 port 50000 from 8888::8 port 443
>>
>> Then, if the client tells *P2* to instead map from (CID2 on 5555::5 port
>> 30000 from 2222::2 port 443) to (CID1 to 3333::3 port 20000 from 4444::4
>> port 443), the loop occurs because there are two mappings for receiving on
>> *P1 *that differ only in CID.
>>
>> Tommy
>>
>> On Oct 23, 2023, at 7:08 PM, Martin Duke <martin.h.duke@gmail.com> wrote:
>>
>> The reason I put in the point about VIPs is that P1 cannot distinguish
>> between a packet from P2 and P3 if they share an ingress VIP
>>
>> If they're from different IP addresses it's sufficient for P1 to check
>> the source IP of packets arriving from the target
>>
>> Does that answer your question?
>>
>>
>> On Mon, Oct 23, 2023, 18:34 David Schinazi <dschinazi.ietf@gmail.com>
>> wrote:
>>
>>> Hi Martin,
>>>
>>> I don't understand how the fact that P2 and P3 share a VIP impacts the
>>> attack. Thinking about this some more, maybe the issue is that we mean
>>> different things when we say VIP? In my mind:
>>>
>>> * a "VIP" is an (IP address, UDP port) tuple. The V stands for virtual
>>> in the
>>>   sense that two separate servers can both have the same IP due to
>>> anycast.
>>>
>>> * an "ingress VIP" is the VIP that the client sends packets to. In the
>>> document
>>>   this is called a "client-facing socket".
>>>
>>> * an "egress VIP" is the VIP that the target sends packets to. In the
>>> document
>>>   this is called a "target-facing socket".
>>>
>>> Ingress VIPs are very common in practice. Many CDNs will use anycast and
>>> have an ingress VIP that represents a fleet of frontends. Egress VIPs
>>> however,
>>> don't make any sense to me, because you'd never want anycast on egress
>>> IPs.
>>>
>>> Could you help reframe the P2/P3 shared VIP point in terms of ingress and
>>> egress VIPs please?
>>>
>>> Thanks,
>>> David
>>>
>>>
>>> On Fri, Oct 20, 2023 at 3:00 PM Martin Duke <martin.h.duke@gmail.com>
>>> wrote:
>>>
>>>> As I continue to think about this, I'm not sure that
>>>> authentication even solves the problem. The client could authenticate with
>>>> each client, sure, but to P1, P2 and P3 are essentially targets. Targets,
>>>> obviously will not do anything special just because this is a connection
>>>> over MASQUE, so there cannot be a special mechanism for P1 to verify
>>>> authenticity of packets from the target, unless it has the target-client
>>>> session keys.
>>>>
>>>> On Fri, Oct 20, 2023 at 12:14 PM Martin Duke <martin.h.duke@gmail.com>
>>>> wrote:
>>>>
>>>>> I should add that another way to thwart this attack is to require the
>>>>> proxy to open a new target-facing socket for every client request. Then the
>>>>> packet incoming to P1 would be disambiguated by the destination IP/port.
>>>>> Not opening a new socket is currently allowed in the spec, which IIUC is a
>>>>> change from CONNECT-UDP.
>>>>>
>>>>> So the proxy vulnerability occurs if
>>>>> (1) P2/P3 share a VIP,
>>>>> (2) P1 is not load balanced, so that the attacker can directly target
>>>>> it, and
>>>>> (3) P1 is not opening unique target-facing sockets for each request,
>>>>> even though the target IP/port are the same.
>>>>>
>>>>> On Fri, Oct 20, 2023 at 11:56 AM Martin Duke <martin.h.duke@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Forwarded packets from the client SHOULD count. The draft is silent
>>>>>> about forwarded packets from the target.
>>>>>>
>>>>>> But fair enough, the client needs to do just enough to keep it alive.
>>>>>>
>>>>>> On Fri, Oct 20, 2023 at 11:15 AM Ben Schwartz <bemasc@meta.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I'm not sure the client can actually "go away".  If the HTTP
>>>>>>> connection ends, the forwarding sessions will also end, so this can be
>>>>>>> addressed by setting a QUIC max_idle_timeout.
>>>>>>>
>>>>>>> This assumes that forwarded packets don't count toward the idle
>>>>>>> timeout, which they shouldn't.  We might need to say that in the draft.
>>>>>>>
>>>>>>> --Ben
>>>>>>> ------------------------------
>>>>>>> *From:* Masque <masque-bounces@ietf.org> on behalf of Martin Duke <
>>>>>>> martin.h.duke@gmail.com>
>>>>>>> *Sent:* Friday, October 20, 2023 1:47 PM
>>>>>>> *To:* Ben Schwartz <bemasc@meta.com>
>>>>>>> *Cc:* MASQUE <masque@ietf.org>
>>>>>>> *Subject:* Re: [Masque] Forwarded Mode infinite loops
>>>>>>>
>>>>>>> Ben, Replies inline. On Fri, Oct 20, 2023 at 9: 53 AM Ben Schwartz
>>>>>>> <bemasc@ meta. com> wrote: Loops! This is a fun attack. It seems
>>>>>>> like there are probably lots of loopy configurations if you have access to
>>>>>>> two or more proxies. Most of the
>>>>>>> Ben,
>>>>>>>
>>>>>>> Replies inline.
>>>>>>>
>>>>>>> On Fri, Oct 20, 2023 at 9:53 AM Ben Schwartz <bemasc@meta.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Loops!  This is a fun attack.  It seems like there are probably lots
>>>>>>> of loopy configurations if you have access to two or more proxies.
>>>>>>>
>>>>>>> Most of the encryption discussion for forwarded mode has focused on
>>>>>>> unauthenticated encryption, which wouldn't help here.
>>>>>>>
>>>>>>>
>>>>>>> I have not seen a written proposal in this space, but if the
>>>>>>> encryption scheme has no authentication properties it doesn't mitigate
>>>>>>> pretty basic DoS attacks. Perhaps this attack creates a new design
>>>>>>> requirement for encryption?
>>>>>>>
>>>>>>>
>>>>>>> Changing who chooses the Connection IDs could help, but proxy-chosen
>>>>>>> CIDs are not necessarily high entropy, so there's no clear guarantee.
>>>>>>>
>>>>>>>
>>>>>>> IIUC your contention is that this arises when P3 and P2 both happen
>>>>>>> to select CID1 as the virtual connection ID. A well-intentioned client
>>>>>>> would therefore register CID1 to P1 twice, and P1 would reject it as a
>>>>>>> duplicate in one of those instances, avoiding a loop.
>>>>>>>
>>>>>>> However, a malicious client could note the conflict and just
>>>>>>> register CID3 to P1 instead, creating the same attack.
>>>>>>>
>>>>>>> I do think that if we try to fix this with proxy-chooses, there need
>>>>>>> to be some minimum size limits to avoid this kind of thing. If CIDs are 64
>>>>>>> bits (or even 32!) I feel pretty good about this not being an exploitable
>>>>>>> attack.
>>>>>>>
>>>>>>>
>>>>>>> Ultimately, I'm not sure this matters.  A hostile client can impose
>>>>>>> pretty much arbitrarily amplified load on the forwarder anyway, e.g. by
>>>>>>> downloading a large file and forging ACKs to dropped packets so that
>>>>>>> congestion control ramps up to infinity.  Forwarders will need defenses to
>>>>>>> rate-limit or cap abusive clients.  That said, it's probably worth fixing
>>>>>>> if there's an easy solution.
>>>>>>>
>>>>>>>
>>>>>>> I agree there are other attacks -- in fact, I have other
>>>>>>> amplification attacks in mind, which will write about another day.
>>>>>>>
>>>>>>> What is particularly pernicious about this attack is that a single
>>>>>>> attacker packet results in infinity packets in the proxy path. This flow
>>>>>>> can be "rate limited" but the client can go away and this persists forever.
>>>>>>>
>>>>>>> Buit
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --Ben
>>>>>>> ------------------------------
>>>>>>> *From:* Masque <masque-bounces@ietf.org> on behalf of Martin Duke <
>>>>>>> martin.h.duke@gmail.com>
>>>>>>> *Sent:* Wednesday, October 18, 2023 5:25 PM
>>>>>>> *To:* MASQUE <masque@ietf.org>
>>>>>>> *Subject:* [Masque] Forwarded Mode infinite loops
>>>>>>>
>>>>>>> Hello MASQUE, (with no hats on) I was playing with some annoying but
>>>>>>> manageable amplification attacks on CONNECT-UDP forwarding mode. Those will
>>>>>>> have to wait for another day, because the current draft has a fatal
>>>>>>> vulnerability, though one that
>>>>>>> Hello MASQUE,
>>>>>>>
>>>>>>> (with no hats on)
>>>>>>>
>>>>>>> I was playing with some annoying but manageable amplification
>>>>>>> attacks on CONNECT-UDP forwarding mode. Those will have to wait for another
>>>>>>> day, because the current draft has a fatal vulnerability, though one that
>>>>>>> we can fix pretty easily.
>>>>>>>
>>>>>>> If I've gotten something incorrect, please say so! It wouldn't be
>>>>>>> the first time.
>>>>>>>
>>>>>>> Recall that for forwarded mode, clients notify the proxy of the
>>>>>>> connection ID they are advertising to the target, and in the same
>>>>>>> capsule propose a "virtual connection ID" for use on the proxy-client path.
>>>>>>> (IIUC, this virtual CID is to prevent association of the packets on either
>>>>>>> end of the proxy).
>>>>>>>
>>>>>>> I reiterate that we are talking about the CLIENT connection ID and
>>>>>>> its virtual counterparts, not the target.
>>>>>>>
>>>>>>> Consider the following very stupid topology that a client C could
>>>>>>> construct to target T via various proxies. Crucially, P2 and P3 are from
>>>>>>> the same provider and share a VIP.* This wrinkle eliminates some really
>>>>>>> simple mitigations for what I'm about to describe.
>>>>>>>
>>>>>>> C -> P1 -> P2 -> P1 -> P3 ->  T
>>>>>>>
>>>>>>> An otherwise well-intentioned client would advertise client
>>>>>>> Connection ID CID0 to T, and via REGISTER_CLIENT_CID capsules might set up
>>>>>>> the rest like so:
>>>>>>>
>>>>>>> Nodes        C     P1     P2    P1    P3     T
>>>>>>> CID on wire    CID4   CID3  CID2  CID1   CID0
>>>>>>>
>>>>>>> So far, so good. A packet that leaves T will be destined for CID0.
>>>>>>> The destination CID will be rewritten in turn, arriving at C with CID4.
>>>>>>>
>>>>>>> However, a malicious client can register CIDs with the proxies as
>>>>>>> follows:
>>>>>>> Nodes        C     P1            P2      P1      P3     T
>>>>>>> CID on wire    CID4   CID3 / CID1    CID2    CID1   CID0
>>>>>>>
>>>>>>> The only change is that P2 is "incorrectly" configured by the client
>>>>>>> to rewrite incoming CID2 as CID1. As far as P2 is concerned, everything is
>>>>>>> seems legit unless it is sharing enormous amounts of CID state with its
>>>>>>> partner P3. Everything else is unchanged.
>>>>>>>
>>>>>>> Thus, a packet leaving T with CID0 will be rewritten to CID1 and
>>>>>>> routed to P1;  P1 will then route it to P2 with CID2. Then that gets routed
>>>>>>> back to P1 with CID1, and the P1-P2-P1 loop continues to infinity. The
>>>>>>> attacker can put as many proxy hops as it likes in that chain.
>>>>>>>
>>>>>>> There are a few pretty simple things that can break this doom loop.
>>>>>>> - Do encryption at each MASQUE hop, as previously proposed. This
>>>>>>> verifies the previous hop of the packet and drops those where the CID does
>>>>>>> not have the correct origin.
>>>>>>> - Have the proxy provide the virtual CID instead of the client.
>>>>>>> Client control is the root of these problems.
>>>>>>> - Eliminate virtual client CIDs and just take the L on linkability
>>>>>>> in that case
>>>>>>>
>>>>>>> Martin
>>>>>>>
>>>>>>> * Interestingly, this attack requires at least one proxy in the path
>>>>>>> (P1 in this case) to not be load balanced or have an easily manipulated
>>>>>>> load balancer, so that two QUIC connection attempts can with high
>>>>>>> probability go to the same device.
>>>>>>>
>>>>>>> --
>>>> Masque mailing list
>>>> Masque@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>
>>> --
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
>>
>>
>> --
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
>>
>

v2.23.0 | Report a Bug | By Email