Closed Ralith closed 1 year ago
Straightforward but not quite trivial. We'd need to set up a server with a known ResetKey, connect to it, and then inject a hand-crafted reset packet to the client. Would be a good follow-up.
Can this be backported + released for 0.10.x? :)
Backport/bump PR: https://github.com/quinn-rs/quinn/pull/1647
Published in 0.10.4.
RFC 9000 says: endpoints MUST treat any packet ending in a valid stateless reset token as a Stateless Reset.
Previously, we did not detect stateless resets that appeared to be unprotected packets (e.g. Retry or Version Negotiation) or which were successfully decrypted (astronomically unlikely with TLS, but possible with custom cryptographic layers).
We didn't detect this before because all current standard QUIC versions only issue stateless resets as short-header packets.
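The receive-side check described above, as an added example that is not part of the original thread and is not quinn's code: the datagram's last 16 bytes are compared against the peer's tokens whatever the header form. All function names and the sample datagram are hypothetical, and `short_header_only_check` is a simplified model of a form-gated check.

```rust
// Added illustration; names are hypothetical, not quinn's API.
const RESET_TOKEN_LEN: usize = 16; // RFC 9000: the token is the final 16 bytes

/// Constant-time equality, so timing does not reveal how many bytes matched.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Compare the tail of every datagram against the tokens the peer issued,
/// regardless of header form or whether decryption would have succeeded.
fn is_stateless_reset(datagram: &[u8], peer_tokens: &[[u8; RESET_TOKEN_LEN]]) -> bool {
    if datagram.len() < RESET_TOKEN_LEN {
        return false; // too short to carry a token
    }
    let tail = &datagram[datagram.len() - RESET_TOKEN_LEN..];
    // No early exit: every token is compared, matching or not.
    peer_tokens.iter().fold(false, |hit, t| hit | ct_eq(tail, t))
}

/// Simplified model of a form-gated check: long-header datagrams are never
/// considered, so a reset that looks like Retry or Version Negotiation is missed.
fn short_header_only_check(datagram: &[u8], peer_tokens: &[[u8; RESET_TOKEN_LEN]]) -> bool {
    let long_header = datagram.first().map_or(false, |b| b & 0x80 != 0);
    !long_header && is_stateless_reset(datagram, peer_tokens)
}

/// Constructed sample: long-header bit set, version field 0, filler bytes,
/// then the reset token as the final 16 bytes.
fn sample_long_header_reset(token: &[u8; RESET_TOKEN_LEN]) -> Vec<u8> {
    let mut d = vec![0x80, 0, 0, 0, 0];
    d.extend_from_slice(&[0xAA; 8]);
    d.extend_from_slice(token);
    d
}

fn main() {
    let token = [0x42u8; RESET_TOKEN_LEN]; // constructed token value
    let d = sample_long_header_reset(&token);
    println!("form-gated check: {}", short_header_only_check(&d, &[token]));
    println!("tail check:       {}", is_stateless_reset(&d, &[token]));
}
```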