...continued from part 2
RFC 8999, 9368, 9369
The security considerations sections of these documents focus on downgrade prevention. They add no requirements beyond what is already discussed elsewhere in the documents.
RFC 9001 Using TLS to Secure QUIC
9.1 Session Linkability
The JSSE TLS implementation does not reuse session tickets. It is also possible to prevent session resumption by using a different SSLContext for every connection.
9.2 Replay Attacks with 0-RTT
0-RTT requires support in HttpClient, QUIC and TLS. None of these is implemented.
9.3 Packet Reflection Attack Mitigation
This section discusses the server anti-amplification limit. The requirements do not apply to the client side.
9.4 Header Protection Analysis
No additional requirements
9.5 Header Protection Timing Side Channels
We do not discard packets with a duplicate packet number without decrypting them first.
We do not generate packet decryption keys while decrypting.
The packet decryption time might differ between the current, previous and next key spaces. This might need further improvement.
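The ordering described in this section, as an added example (not the JDK's code and not part of the original post): a simplified receive path that removes AEAD packet protection before consulting the set of already-seen packet numbers. The class `ReceiveOrder`, its methods and the sample key material are hypothetical; header protection and packet number recovery are omitted, so the full packet number is passed in directly.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.util.*;

// Hypothetical receive path: authenticate first, check for duplicates second.
public class ReceiveOrder {
    private final SecretKeySpec key;
    private final byte[] iv;                         // 12-byte packet protection IV
    private final Set<Long> seen = new HashSet<>();  // packet numbers already processed

    ReceiveOrder(byte[] k, byte[] iv) { key = new SecretKeySpec(k, "AES"); this.iv = iv.clone(); }

    // RFC 9001 5.3: nonce = IV XOR packet number left-padded with zeros; the header is the AAD.
    private Cipher cipher(int mode, long pn, byte[] header) throws GeneralSecurityException {
        byte[] n = iv.clone();
        for (int i = 0; i < 8; i++) n[11 - i] ^= (byte) (pn >>> (8 * i));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, n));
        c.updateAAD(header);
        return c;
    }

    byte[] seal(long pn, byte[] header, byte[] payload) throws GeneralSecurityException {
        return cipher(Cipher.ENCRYPT_MODE, pn, header).doFinal(payload);
    }

    // Returns the payload, or null when the packet fails authentication or is a duplicate.
    byte[] receive(long pn, byte[] header, byte[] protectedPayload) throws GeneralSecurityException {
        byte[] payload;
        try {   // decryption is attempted for every packet, including a repeated packet number
            payload = cipher(Cipher.DECRYPT_MODE, pn, header).doFinal(protectedPayload);
        } catch (AEADBadTagException forged) {
            return null;                             // unauthenticated input never touches `seen`
        }
        return seen.add(pn) ? payload : null;        // duplicate check only after authentication
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] k = new byte[16], iv = new byte[12];  // constructed sample key material
        SecureRandom rnd = new SecureRandom(); rnd.nextBytes(k); rnd.nextBytes(iv);
        ReceiveOrder path = new ReceiveOrder(k, iv);
        byte[] hdr = {0x40, 0x01}, pkt = path.seal(7, hdr, "ping".getBytes());
        System.out.println("first delivery accepted: " + (path.receive(7, hdr, pkt) != null));
        System.out.println("replayed packet accepted: " + (path.receive(7, hdr, pkt) != null));
        pkt[0] ^= 1;                                 // tamper with the protected payload
        System.out.println("tampered packet accepted: " + (path.receive(8, hdr, pkt) != null));
    }
}
```

Ordering the checks this way does not by itself equalize decryption time across key spaces, which is the remaining concern noted above.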
9.6 Key Diversity
No additional requirements
9.7 Randomness
Connection IDs are generated with a secure random number generator.
RFC 9002 QUIC Loss Detection and Congestion Control
8.1 Loss and Congestion Signals
No additional requirements
8.2 Traffic Analysis
No additional requirements
8.3 Misreporting ECN Markings
Our QUIC implementation does not currently support sending or receiving ECN.
This concludes the overview of QUIC RFCs.
continued in part 4...