View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007894 | GNUnet | transport service | public | 2023-07-27 13:36 | 2023-07-27 13:40 |
| Reporter | schanzen | Assigned To | stmr | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | assigned | Resolution | open | ||
| Summary | 0007894: QUIC communicator TLS "channel binding" | ||||
| Description | We possibly want to bind the peer ID to the TLS certificate used in the handshake. We can use the API of quiche: void quiche_conn_peer_cert(const quiche_conn *conn, const uint8_t **out, size_t *out_len); To retrieve the certificate of an incoming connection in DER format. The peer should then, in addition to its Peer ID, send a signature using the peer private key over the DER certificate. Once verified, the same can be done in the other direction. | ||||
| Tags | No tags attached. | ||||
| related to | 0007774 | new | QUIC communicator implementation |
|
|
Motivation: An adversary may establish a TLS-over-QUIC connection to our peer. In our current implementation, it may spoof any Peer ID making MitM trivial. Binding the TLS certificate (maybe even better, the cryptographic session from quiche_conn_session), to the Peer ID, makes it a lot harder for an adversary to MitM such a connection. |
