On Thu, Nov 26, 2020, at 00:32, Kashyap Thimmaraju wrote:
> I agree that the privacy of one end-point relies on the other end-point.
> However, I'm actually referring to cases where multiple CIDs are shared
> within an NCID frame. This is definitely not good for both end-points, as
> this enables linkability of the QUIC connection. How could this be used?
> Well the attacker can simply link the flow after connection migration or by
> observing it for a long time. Does she gain anything else? I can't think of
> other gains.

There should be no case where an endpoint has concurrent use of connection IDs with the same value, whether that is as a result of receiving them at the same time or not. Implementations should be able to detect that case and the specification encourages the use of CONNECTION_CLOSE if that is detected. However, we cannot require more thorough checking for the aforementioned reasons. As I said before, different values are not sufficient to prevent linkability if a peer is determined to cooperate with an attacker, so I see no value in pursuing that. Same for questions of covert channels.
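
One way a receiver could detect a repeated connection ID value, as an added example that is not part of the original message or taken from any QUIC implementation. The class and function names and the sample frames are hypothetical; `PROTOCOL_VIOLATION` (0x0a) is the QUIC transport error code carried in CONNECTION_CLOSE.

```python
from dataclasses import dataclass

PROTOCOL_VIOLATION = 0x0A  # QUIC transport error code


class QuicClose(Exception):
    """Signals that the connection should be closed with CONNECTION_CLOSE."""
    def __init__(self, code, reason):
        super().__init__(reason)
        self.code = code


@dataclass(frozen=True)
class NewConnectionId:  # hypothetical, simplified view of a NEW_CONNECTION_ID frame
    seq: int
    cid: bytes
    reset_token: bytes


class PeerCidTable:
    """Connection IDs the peer has issued to us, indexed both ways."""
    def __init__(self):
        self.by_seq = {}  # sequence number -> frame
        self.by_cid = {}  # connection ID value -> sequence number

    def on_frame(self, f):
        """True if stored, False for an exact retransmission; raises on a conflict."""
        if self.by_seq.get(f.seq) == f:
            return False
        if f.cid in self.by_cid and self.by_cid[f.cid] != f.seq:
            raise QuicClose(PROTOCOL_VIOLATION, "connection ID repeated under a new sequence number")
        if f.seq in self.by_seq:
            raise QuicClose(PROTOCOL_VIOLATION, "sequence number reused with different contents")
        # Distinct values always pass: this check says nothing about linkability.
        self.by_seq[f.seq] = f
        self.by_cid[f.cid] = f.seq
        return True


def classify(frames):
    """Run constructed frames through one table and report each outcome.
    A real endpoint would stop at the first close; this keeps going to show every case."""
    table, out = PeerCidTable(), []
    for f in frames:
        try:
            out.append("stored" if table.on_frame(f) else "retransmission")
        except QuicClose as e:
            out.append(f"close:{e.code:#x}")
    return out
```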
