You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As we do work to decouple the potential risks on correlation between the incoming/outgoing connections, the forwarding of ECN has potential risk. An active attacker could embed signals over a series of packets by clearing+setting ECN bits and observing the same signal on the output side.
The end-to-end QUIC congestion control makes it so we really do want to forward ECN, so it's unclear what can be done about this risk in a way that also allows ECN to be applied on any of the hops.
This might be something to just capture as a known potential risk and downside for this use-case.
The text was updated successfully, but these errors were encountered:
As we do work to decouple the potential risks on correlation between the incoming/outgoing connections, the forwarding of ECN has potential risk. An active attacker could embed signals over a series of packets by clearing+setting ECN bits and observing the same signal on the output side.
The end-to-end QUIC congestion control makes it so we really do want to forward ECN, so it's unclear what can be done about this risk in a way that also allows ECN to be applied on any of the hops.
This might be something to just capture as a known potential risk and downside for this use-case.
The text was updated successfully, but these errors were encountered: