
Implement blinding for alerts

Open lrstewart opened this issue 4 years ago • 1 comments

To avoid leaking timing information when alerts are sent, we should probably implement some kind of error blinding. For example, S2N-TLS waits for a random period of time when a connection is closed before sending any alerts: https://github.com/aws/s2n-tls/blob/main/tls/s2n_connection.c#L1187-L1207

lrstewart, Sep 15 '21 00:09

The place to do this would be in the close sender.

Right now we're setting transmission immediately:

https://github.com/awslabs/s2n-quic/blob/7b872e70f044ecc89d37a2ebc0290c3cb9ea04f2/quic/s2n-quic-transport/src/connection/close_sender.rs#L34

It would be better to set it after a timer expiration.

camshaft, Sep 16 '21 00:09
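
The timer-gated close transmission discussed in this thread, as an added example that is not s2n-quic's code and not taken from either participant: `BlindedCloseSender`, its states and the 1 to 3 second window are hypothetical, and the caller is assumed to supply `random` from a CSPRNG and to drive `on_timeout` from the connection's timer.

```rust
use std::time::{Duration, Instant};

// Hypothetical blinding window; these values are assumptions for the example.
const MIN_DELAY: Duration = Duration::from_millis(1_000);
const MAX_DELAY: Duration = Duration::from_millis(3_000);

#[derive(Clone, Copy, Debug, PartialEq)]
enum State {
    Idle,
    Blinding { deadline: Instant }, // close requested, frame withheld
    Transmit,                       // timer expired, frame may be sent
}

pub struct BlindedCloseSender {
    state: State,
}

impl BlindedCloseSender {
    pub fn new() -> Self {
        Self { state: State::Idle }
    }

    /// Arms the blinding timer instead of marking the close frame for
    /// immediate transmission. `random` must come from a CSPRNG (assumption:
    /// the caller provides it); the small modulo bias is ignored here.
    pub fn close(&mut self, now: Instant, random: u64) -> Instant {
        let span = (MAX_DELAY - MIN_DELAY).as_nanos() as u64;
        let deadline = now + MIN_DELAY + Duration::from_nanos(random % (span + 1));
        self.state = State::Blinding { deadline };
        deadline
    }

    /// Called by the timer; only an expired deadline enables transmission.
    pub fn on_timeout(&mut self, now: Instant) {
        if let State::Blinding { deadline } = self.state {
            if now >= deadline {
                self.state = State::Transmit;
            }
        }
    }

    pub fn can_transmit(&self) -> bool {
        self.state == State::Transmit
    }
}
```

Because the delay is drawn independently of why the connection failed, the time at which the close frame appears on the wire no longer tracks how long the failing operation took.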