ietf-wg-masque / draft-ietf-masque-quic-proxy

Design team output #99

Closed tfpauly closed 2 months ago

tfpauly commented 6 months ago

Creating a PR for the output of the design team, to add a way to encrypt packets in forwarded mode.

Rendered view of this PR Rendered diff with main

knekritz commented 4 months ago

If I understand correctly, the scramble transform can be defeated by a single injected packet (i.e., with duplicated IV bytes, leading to key/IV reuse with AES-CTR). I think we should explicitly mention this in the security considerations, as this is both lower effort than most active attacks, and difficult to detect.

bemasc commented 4 months ago

@knekritz That's mentioned here: https://github.com/ietf-wg-masque/draft-ietf-masque-quic-proxy/pull/99/files#diff-15989da260773d143aa26dfcede63dff650a8d3c2f684cd01cc97adf9e9cf53cR1039-R1043.