quinn icon indicating copy to clipboard operation
quinn copied to clipboard

Published 20 hours ago verified publisher icon quinn-rs

Usage of constant value for GREASE transport parameter make quinn vulnerable to fingerprinting by quic transport parameters.

Open mstyura opened this issue 1 year ago • 5 comments

Currently quinn uses constant value as GREASE reserved random parameter. https://github.com/quinn-rs/quinn/blob/9386cde871c750464073772409615e90344b80e9/quinn-proto/src/transport_parameters.rs#L303-L305

This make quinn client side users vulnerable to fingerprinting by predictable patterns during handshake. Thanks to ability to inject custom TLS backend like quinn-boring most of TLS handshake is configurable, except the content of quic transport parameters extension.

As a prevention actions I see the following steps:

  1. Generate random transport parameter, like it is done quic-go or quiche]: https://github.com/quinn-rs/quinn/pull/2058
  2. Make it optional: https://github.com/quinn-rs/quinn/pull/2061
  3. Implement permutation of transport parameters, like it is done in quiche: https://github.com/quinn-rs/quinn/pull/2066

mstyura avatar Nov 20 '24 10:11 mstyura

All three of those sound like nice improvements to me!

Ralith avatar Nov 20 '24 18:11 Ralith

Correct me if I'm wrong, the general philosophy of library is not to provide an API which can potentially reduce default security & privacy while providing not clear benefits. So PRs to opt out grease & random permutation (no such PR, just potentially) are not welcomed? I'm ok with any decision, just basically asking should I close above-mentioned PR or not yet (rebase).

mstyura avatar Nov 28 '24 11:11 mstyura

I think my values are that Quinn should strive to do attain optimal security/privacy by default and then we could potentially support some security/privacy-reducing choices if (a) we don't think it will have an adverse effect on future protocol development and (b) it doesn't add too much complexity. By those measures I think we could allow some limited API that opts out of grease, but maybe not random permutation? @Ralith thoughts?

djc avatar Nov 29 '24 09:11 djc

I'd like to additionally see some concrete motivation. The bar can be pretty low for simple features that don't take much code/documentation, but if we're adding new paths and taking up space even in documentation, I want some evidence that they're useful, ideally for multiple applications.

For example, "imitate Apple's implementation" is niche enough that I'm not sure it clears the bar. If the two proposed changes are the only necessary ones to achieve that end, then I'm ambivalent and happy to defer to @djc's opinion, bearing in mind that the behavior of another implementation will be a moving target. If more invasive changes we're unlikely to merge are additionally required, then the proposed changes don't seem to serve a purpose on their own and I'd rather do without.

Ralith avatar Nov 29 '24 19:11 Ralith

Perhaps a good middle-ground that:

  • Doesn't have too much maintenance burden, and
  • Allows for users to have good flexibility

is to allow users to supply their own GREASE value provider in quinn::TransportConfig or None to opt out of GREASE.

dongcarl avatar Feb 04 '25 19:02 dongcarl