tuic icon indicating copy to clipboard operation
tuic copied to clipboard

Published 20 hours ago verified publisher icon EAimTY

Channel binding for authentication

Open DemiMarie opened this issue 2 years ago • 2 comments

The authentication token should be bound to the secure QUIC session in some way.

DemiMarie avatar Apr 06 '22 20:04 DemiMarie

That's a good point, but it is a little tricky to implement. Since quinn doesn't expose any API for obtaining a stable and peers-equivalent parameter, it is difficult to bound token to connection without consuming extra rtt.

EAimTY avatar Apr 08 '22 08:04 EAimTY

That's a good point, but it is a little tricky to implement. Since quinn doesn't expose any API for obtaining a stable and peers-equivalent parameter, it is difficult to bound token to connection without consuming extra rtt.

One option might be to use a hash of the peer’s public key.

DemiMarie avatar Apr 08 '22 08:04 DemiMarie