This repository has been archived by the owner on Aug 11, 2020. It is now read-only.
TODO: Implement stateless reset #62
Comments
|
Currently, stateless reset tokens are generated randomly and not stored, which makes them useless for the intended purpose. In the future, we'll want to go with an alternative approach that allows stateless generation and subsequent verification of reset tokens. This can work in a number of ways but following the pattern of retry token generation would seem to make sense. |
jasnell
added a commit
to jasnell/quic
that referenced
this issue
Dec 4, 2019
Generate stateless reset token cryptographically Fixes: nodejs#62
jasnell
added a commit
to jasnell/quic
that referenced
this issue
Dec 5, 2019
Generate stateless reset token cryptographically Fixes: nodejs#62
jasnell
added a commit
to jasnell/quic
that referenced
this issue
Dec 5, 2019
Generate stateless reset token cryptographically Fixes: nodejs#62
jasnell
added a commit
to jasnell/quic
that referenced
this issue
Dec 5, 2019
Generate stateless reset token cryptographically Fixes: nodejs#62
addaleax
pushed a commit
that referenced
this issue
Dec 11, 2019
Generate stateless reset token cryptographically Fixes: #62 PR-URL: #215 Reviewed-By: Anna Henningsen <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Stateless reset support is going to be a bit tricky. An endpoint sends a stateless reset when it does not have access to connection state any longer, but that means we need to keep track of CIDs and their correspnding stateless reset tokens in a way that can survive a crash (which is ironic to say the least). Need to figure out how to implement this protocol feature.
The text was updated successfully, but these errors were encountered: