[Make-wifi-fast] [Rpm] tack - reducing acks on wlans
Michael Welzl
michawe at ifi.uio.no
Thu Oct 21 03:18:30 EDT 2021
Hi again,
A clarification about one point here - I had overlooked “close-by”, now I think I understand the attack: this is a host on the same WiFi network, spoofing packets, and sending NACKs (or DupACKs, for TCP, probably) - right?
See below:
>> Yet, the QUIC protocol makes ACKs part of the protected payload. Having the ACKs protected by the frame protection allows ensuring that nobody had meddled with the ACKs - and by this to avoid an entire class of attacks that put a close-by endpoint which NACKs segments.
>
> Were such attacks a real problem before QUIC was designed? And besides, aren’t MASQUE proxies visible and authenticated?
So this seems not to be a matching answer for the attack that I now think you have in mind.
Here’s another answer: this is solved by encryption between the host and the MASQUE proxy. That’s okay, I’m not questioning this part of the design. What I say is: the MASQUE proxy itself shouldn’t have to relay e2e-encrypted transport headers (which I *believe* it does, but I really still have some catching-up to do). (and of course I also don’t speak against the e2e encryption of payload!)
Cheers,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/make-wifi-fast/attachments/20211021/64d0467c/attachment.html>
More information about the Make-wifi-fast
mailing list