Goal for whom? Enterprises: decrypt data by man-on-the-side boxes. TLS WG: prevent exactly that. Matt: provide a visible, standardized mechanism to do it so enterprises don’t do exactly the sort of thing you propose.
-
-
QUIC packets are the record layer for QUIC, so QUIC only forwards TLS messages, not records.
-
Yeah, I mean, more generally, one could/should analyze QUIC more generally to see if there are unnecessary covert channels. I assume that since it uses TLS 1.3 then Server.Random is still one, for example.
-
The harder problem with QUIC is that the server could just send out a junk QUIC record that the client throws away, which contains the (encrypted) information for the MitM to process. So, probably there's not much one could do.
-
Ya, QUIC is designed to ignore things that don’t decrypt, so you could technically send a malformed UDP packet with anything in it.