Also interesting to note that the server can ignore anything it wishes to ignore and pretend it never received it. (Not to say the crypto/RNG elements are perfect or anything, just reminding that accepting and replying to the data is ultimately optional!) -=R
From: QUIC <[email protected]> on behalf of "Salz, Rich" <[email protected]>
Date: Thursday, October 29, 2020 at 9:03 AM
To: Christian Huitema <[email protected]>, Florentin Rochet <[email protected]>, Marten Seemann <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Potential Oracle Access to the peer's randomness

> There are a variety of uses of random numbers in QUIC, and I thought of those
> as risks of leaking the state of the crypto random generator, and thus
> enabling attacks on that generator and eventually risking exposing the
> cryptographic state.

FWIW, OpenSSL does the same thing with an API for random bytes (RAND_bytes), and a separate one for when they're going to be used in key material (RAND_priv_bytes).
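The public/private split Rich describes, worked through as an added example (not QUIC, OpenSSL or any list member's code): two independently seeded generators, one for wire-visible values such as connection IDs and one for key material, so that full exposure of the public generator's state predicts only public output. The `HmacDrbg` class is a deliberately stripped-down HMAC_DRBG, the seeds are constructed constants, and the function names (`new_connection_id`, `new_key_material`, `leaked_public_state_predicts`) are hypothetical.

```python
# Added illustration of the public/private randomness split discussed above;
# not QUIC or OpenSSL code. HmacDrbg follows SP 800-90A HMAC_DRBG (SHA-256)
# in outline only, without reseed counters or personalisation strings.
import copy
import hashlib
import hmac

class HmacDrbg:
    def __init__(self, seed: bytes) -> None:
        self.k, self.v = b"\x00" * 32, b"\x01" * 32
        self._update(seed)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def _update(self, data: bytes) -> None:
        # HMAC_DRBG_Update: the second round runs only when data is supplied
        self.k = self._hmac(self.v + b"\x00" + data)
        self.v = self._hmac(self.v)
        if data:
            self.k = self._hmac(self.v + b"\x01" + data)
            self.v = self._hmac(self.v)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(b"")  # advance state so past output does not reveal k
        return out[:n]

# Two independently seeded pools, mirroring RAND_bytes / RAND_priv_bytes.
# Seeds are constructed constants for the demo; seed both from the OS in use.
PUBLIC_POOL = HmacDrbg(b"constructed-seed-for-wire-visible-values")
PRIVATE_POOL = HmacDrbg(b"constructed-seed-for-key-material")

def new_connection_id() -> bytes:
    """Wire-visible value a peer can observe and collect."""
    return PUBLIC_POOL.generate(8)

def new_key_material() -> bytes:
    """Secret value that must not be inferable from anything observed."""
    return PRIVATE_POOL.generate(32)

def leaked_public_state_predicts() -> tuple:
    """Simulate total exposure of the public pool: a snapshot reproduces the
    next connection ID exactly, yet says nothing about the next key."""
    snapshot = copy.deepcopy(PUBLIC_POOL)
    predicted = snapshot.generate(8)
    return predicted == new_connection_id(), predicted == new_key_material()[:8]
```

With a single shared generator, the same snapshot would predict both values; that is the exposure the separate API is meant to close off.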
