
QUIC permissiveness

Posted Nov 29, 2023 14:32 UTC (Wed) by farnz (subscriber, #17727)
In reply to: QUIC permissiveness by paulj
Parent article: OpenSSL 3.2.0 released

The network operators have demonstrated that if they have the private key, they will misuse it (as they have misused the ability to tamper with TCP traffic beyond port numbers changing in a NAPT). It's just a shame that applications don't make it easy to record the private keys for retrospective analysis by the owner of an endpoint.



QUIC permissiveness

Posted Nov 29, 2023 15:02 UTC (Wed) by paulj (subscriber, #341)

You don't need to give operators the private key to let them see information. E.g. the QUIC header is not encrypted (but is part of the MAC, so can not be tampered with) - that's why they can see the spin bit.

Might it be better to give the network a bit more and higher-quality information about the congestion-related state of the flow, so network operators could debug problems?... maybe.
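
The spin bit mentioned in the comment above, as an added example that is not part of the original thread: an on-path observer reads one bit from the first byte of each short-header packet and times the intervals between its transitions to estimate round-trip time. Bit positions follow RFC 9000; the capture is constructed and the function names are hypothetical.

```python
"""Passive RTT estimate from the QUIC latency spin bit (RFC 9000, section 17.4)."""

HEADER_FORM = 0x80  # 1 = long header, 0 = short (1-RTT) header
FIXED_BIT = 0x40    # set to 1 in QUIC version 1 packets
SPIN_BIT = 0x20     # latency spin bit, readable on the wire
# The low five bits of the first byte are masked by header protection
# (RFC 9001) and are not used here.


def spin_bit(datagram: bytes):
    """Return 0 or 1 for a short-header packet, None for anything else."""
    if not datagram:
        return None
    first = datagram[0]
    if first & HEADER_FORM or not first & FIXED_BIT:
        return None  # long header (handshake) or not a QUIC v1 packet
    return 1 if first & SPIN_BIT else 0


def rtt_samples(observations):
    """observations: (timestamp_ms, datagram) pairs seen in ONE direction
    of ONE flow. The time between two successive spin-bit edges is one
    RTT sample. No filtering is done for reordering or loss, and an
    endpoint may disable the spin bit, so treat samples as estimates."""
    samples = []
    last_value = None
    last_edge = None
    for ts, datagram in observations:
        value = spin_bit(datagram)
        if value is None:
            continue
        if last_value is not None and value != last_value:
            if last_edge is not None:
                samples.append(ts - last_edge)
            last_edge = ts
        last_value = value
    return samples


# Constructed capture: first byte plus dummy payload, timestamps in ms.
CAPTURE = [(0, b"\xc3" + bytes(8)), (10, b"\x40" + bytes(8)),
           (20, b"\x5f" + bytes(8)), (50, b"\x60" + bytes(8)),
           (60, b"\x7f" + bytes(8)), (90, b"\x40" + bytes(8)),
           (130, b"\x60" + bytes(8))]

if __name__ == "__main__":
    print(rtt_samples(CAPTURE))
```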

