Open Sashan opened 4 days ago
t8m
commented
4 days ago IMO handling the validation token can be fully stateless - just make it a HMAC of the new destination connection ID with a random key set during the library or SSL_CTX initialization. No need to expire anything as this cannot be really brute-forced and expiration happens naturally when the server is restarted and a new key is generated.
mattcaswell
commented
4 days ago Our DTLS implementation uses a "cookie" for much the same purpose as QUIC's validation token:
For DTLS the cookie (i.e. validation token) is actually generated via an application callback. We have an implementation of this in our apps:
We might draw some inspiration from how this works.
vavroch2010
commented
1 day ago Include tests
This issue refers to draft PR #25842. The prototype uses simple
openssltokenstring as a validation token. This is not sufficient to provide protection against spoofing. The token needs to serve as proof it comes from server and it must be impossible (computationally expensive) to anyone to generate valid token. I believe it must be conceptually similar to TCP syn-cookies.The devil here is hiding on how long the validation token we sent out should remain valid, this really depends on how strong the cryptographic mechanism is. I think it also depends on bandwidth potential attacker can utilize to eventually brute force the token. Perhaps the expiration token time needs to be tunable. Best answer here is to learn from other QUIC stacks.