QUIC RETRY broken - the secret is entirely derived from data in the token
Closed this issue · 1 comments
nbridge-jump commented
An adversary can create an INITIAL packet with a spoofed token.
The server needs to keep an internal secret to combine with the random bits in the token to make a secure secret for deriving the key.
nbridge-jump commented
Fixed in #1955
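
The fix described in this issue, sketched as an added example (not code from the project or from #1955): the token key is derived from a server-held secret combined with the token's random bits, shown next to the flawed derivation that uses token data alone. The token layout, the function names and the use of HMAC-SHA256 in place of an AEAD are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from functools import partial

NONCE_LEN = 16  # random bits carried in the clear at the front of the token
TAG_LEN = 32    # HMAC-SHA256 tag, standing in for an AEAD tag


def weak_key(nonce: bytes) -> bytes:
    # Flaw from the issue: every input to the key is readable from the token.
    return hashlib.sha256(b"retry-token" + nonce).digest()


def strong_key(server_secret: bytes, nonce: bytes) -> bytes:
    # A secret the server never sends, mixed with the per-token random bits.
    return hmac.new(server_secret, b"retry-token" + nonce, hashlib.sha256).digest()


def _tag(key: bytes, client_addr: bytes, odcid: bytes) -> bytes:
    # Length-prefix the address so (addr, odcid) cannot be re-split.
    msg = len(client_addr).to_bytes(2, "big") + client_addr + odcid
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(key_fn, client_addr: bytes, odcid: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + odcid + _tag(key_fn(nonce), client_addr, odcid)


def validate(key_fn, token: bytes, client_addr: bytes):
    """Return the original DCID if the token is valid for client_addr, else None."""
    if len(token) < NONCE_LEN + TAG_LEN:
        return None
    nonce, odcid, tag = token[:NONCE_LEN], token[NONCE_LEN:-TAG_LEN], token[-TAG_LEN:]
    ok = hmac.compare_digest(tag, _tag(key_fn(nonce), client_addr, odcid))
    return odcid if ok else None


if __name__ == "__main__":
    addr, odcid = b"203.0.113.7:4433", bytes.fromhex("8394c8f03e515708")  # constructed
    hardened = partial(strong_key, os.urandom(32))
    # A token built without the server's secret, using only public inputs:
    outside = mint(weak_key, addr, odcid)
    print("weak derivation accepts it:    ", validate(weak_key, outside, addr) is not None)
    print("hardened derivation accepts it:", validate(hardened, outside, addr) is not None)
    print("server-minted token accepted:  ", validate(hardened, mint(hardened, addr, odcid), addr) == odcid)
```

In a deployment the server secret would be generated at startup or rotated on a schedule, and tokens would also carry an expiry inside the authenticated data.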