Am I missing something or would an attacker be able to force a migration of someone else's connection in QUIC to a system under their control, by capturing the connection ID and spoofing a migration message with the same ID?
@joepie91 even if it did; how does that help? The party would be able to receive packets it doesn't have the session key for?
I remember vaguely that quic does some source address validation dance as well though
