Closed kazuho closed 3 months ago
Christian and I are talking about doing a completely new QUIC version, which addresses the packet drop risk.
My understanding is that replacement is far easier than insertion for a middlebox, to the extent that anything else is likely a non-starter.
My assumption has been that the middleboxes that send TRAIN packets are going to be the sophisticated ones and that they can inject packets like they do with ICMP packets. But I could very well be incorrect.
That said, I think rewriting is fine.
Separately, I would point out that the receiver cannot distinguish between a rewritten packet and an injected packet if Initial packets are allowed to carry the bandwidth information, as they are not encrypted using keys known only to the endpoints.
Rewriting helps if you consider it likely that there could be an attacker that can observe and inject packets on the path. The conditions for success there aren't great, but it is an attack modality that is easier to block than document :)
The point about the Initial packet is well-taken. Particularly if an off-path attacker is willing to accept a high risk of failure. Though I would observe that there are limits to what an attacker might achieve in most of these adaptive bit rate scenarios.
@kazuho with the new design, are you comfortable closing this issue? I think that we're in pretty good shape overall. We'll need to expand on the attack modalities stuff though.
Yes, let's close.
Current design suggests middleboxes rewrite QUIC packets.
This approach has the following problem:
So what about the following:
To paraphrase, middleboxes that observe a long header QUIC packet can simply copy the Destination CID and Source CID fields of the QUIC packet, and inject a new QUIC packet using the same CID pair, with a special version number(s) indicating that the information is from the middlebox.
As said, the benefit of this approach is that it would work with any version of QUIC, and that there would be no negative impact to the throughput of existing QUIC stacks. Also, the protocol can be used by other UDP-based protocols, provided that they define a way for endpoints to agree on the value of CID fields used for validation.
WDYT?