You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The good news is that we don't need QUIC's version negotiation in libp2p, as our multiaddresses (now) contain the QUIC version. We can therefore disable QUIC version negotiation. A QUIC server would then immediately drop Long Header packets with an unexpected version.
The text was updated successfully, but these errors were encountered:
There's a somewhat esoteric attack, where an attacker might use QUIC Version Negotiation packets to mount a protocol confusion attack, depending on the network configuration of the server node. See libp2p/go-libp2p#1433 and https://datatracker.ietf.org/doc/html/rfc9000#name-request-forgery-attacks for details.
The good news is that we don't need QUIC's version negotiation in libp2p, as our multiaddresses (now) contain the QUIC version. We can therefore disable QUIC version negotiation. A QUIC server would then immediately drop Long Header packets with an unexpected version.
The text was updated successfully, but these errors were encountered: