marten-seemann
commented
4 days ago I'm not sure I understand the scenario. Why is the upstream connection affected by a client not acknowledging data on the downstream connection?
RESET_STREAM_AT only covers data that has already been transmitted to the client (at least) once, and if the client refused to acknowledge these frames, they will stay within the QUIC stack's retransmission buffer. Why would they have any effect on the proxy's connection to the upstream server?
martinduke
LPardue
I've heard some talk about a possible API where one sets a reliable_size, and then Reset() calls result in a RESET_STREAM_AT instead.
If that's all there is, there's a potential security problem, because the ability to send a later RESET_STREAM (reliable_size = 0) is important.
Say a proxy is connecting on behalf of multiple clients, each with one stream. The server sets RESET_STREAM_AT for one stream with some undelivered data. The client for that stream, an attacker, never acknowledges data, causing the proxy to not allow the delivery of reliable_size. The correct thing for the server to do is eventually reduce reliable_size to zero -- the only other alternative is to kill the connection, which would affect all the other clients.
This is not really a gap in the spec, but it's an important implementation detail that probably ought to go in security considerations.