
Am I missing something or would an attacker be able to force a migration of someone else's connection in QUIC to a system under their control, by capturing the connection ID and spoofing a migration message with the same ID?


@joepie91 even if it did; how does that help? The party would be able to receive packets it doesn't have the session key for?

I remember vaguely that QUIC does some source address validation dance as well though

@arianvp Oh right, I guess every connection is encrypted and authenticated by default; I suppose that's the part I was missing
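The two points raised in this thread (packets are authenticated with session keys, and a new source address has to pass path validation) can be seen in a small model. This is an added example, not part of the original posts and not QUIC library code: the `Server` class, the `seal` helper and the frame labels are hypothetical, the addresses are constructed, and an HMAC tag stands in for QUIC's AEAD packet protection.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # truncated HMAC tag; stand-in for the AEAD tag on a real QUIC packet

def seal(key, cid, payload):
    """Protect a packet: connection ID + payload + tag computed with the session key."""
    tag = hmac.new(key, cid + payload, hashlib.sha256).digest()[:TAG_LEN]
    return cid + payload + tag

class Server:
    def __init__(self, key, cid, peer_addr):
        self.key, self.cid = key, cid
        self.peer_addr = peer_addr   # the currently validated path
        self.pending = {}            # unvalidated address -> outstanding challenge data

    def receive(self, src_addr, packet):
        cid, body, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expect = hmac.new(self.key, cid + body, hashlib.sha256).digest()[:TAG_LEN]
        if cid != self.cid or not hmac.compare_digest(tag, expect):
            return "dropped"         # knowing the connection ID alone is not enough
        if src_addr == self.peer_addr:
            return "accepted"
        if body.startswith(b"PATH_RESPONSE") and self.pending.get(src_addr) == body[13:]:
            self.peer_addr = src_addr            # the new path echoed the challenge
            del self.pending[src_addr]
            return "migrated"
        # Authentic packet from an unknown address: challenge it before switching.
        # In QUIC the challenge travels encrypted, so only a key holder can read it.
        self.pending[src_addr] = os.urandom(8)
        return "path_challenge_sent"

def demo():
    key, cid = os.urandom(32), os.urandom(8)
    client, moved = ("192.0.2.10", 50000), ("198.51.100.7", 50001)
    observer = ("203.0.113.66", 4444)            # sees the wire, has no session key
    srv = Server(key, cid, client)
    captured = seal(key, cid, b"STREAM hello")   # constructed packet, visible on the wire
    out = [srv.receive(client, captured)]
    out.append(srv.receive(observer, cid + b"MIGRATE" + bytes(TAG_LEN)))  # forged tag
    out.append(srv.receive(observer, captured))  # authentic bytes re-sent from elsewhere
    out.append(srv.receive(observer, seal(os.urandom(32), cid, b"PATH_RESPONSE" + bytes(8))))
    out.append(srv.receive(moved, seal(key, cid, b"STREAM more")))  # real client moves
    out.append(srv.receive(moved, seal(key, cid, b"PATH_RESPONSE" + srv.pending[moved])))
    return out, srv.peer_addr

if __name__ == "__main__":
    print(demo())
```

The validated path only changes for the endpoint that holds the session key and can answer the challenge; the observer's packets are either dropped or leave the path unvalidated.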
