External DDoS Support for Retry Token Key Configuration #5005

@kmmago

Description

Describe the feature you'd like supported

MsQuic supports the Retry Token mechanism to validate a client's address. To generate/validate a Retry Token, a key is used as well to add entropy. The ask is to support a configuration path for these keys, i.e. keys should be accepted as configuration from some external service. This external service will rotate and send new keys every X seconds.

Proposed solution

This is needed so that the DDoS solution and the MsQuic solution can share keys. The idea is for DDoS and MsQuic to work in conjunction and use the same keys and the same encryption APIs so that either can generate a token and both can validate it correctly.

Additional context

No response
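
A sketch of the shared-key arrangement requested above, added here as an illustration; it is not code from the issue author or from MsQuic, and it does not reproduce MsQuic's token format. Two parties (a DDoS front end and the QUIC server) each hold a key ring fed by the external service, either one issues a token, and both validate it, with the previous key kept for one rotation so tokens survive a key change. Assumptions: HMAC-SHA-256 stands in for the shared encryption API, and `SharedKeyRing`, `make_token`, `validate_token` and the token layout are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA-256 tag (assumed size)


class SharedKeyRing:
    """Keys pushed by the external service; only the two newest epochs are kept."""

    def __init__(self):
        self._keys = {}  # epoch number -> key bytes

    def install(self, epoch, key):
        self._keys[epoch] = key
        for stale in sorted(self._keys)[:-2]:
            del self._keys[stale]  # tokens under retired keys stop validating

    def newest(self):
        epoch = max(self._keys)
        return epoch, self._keys[epoch]

    def get(self, epoch):
        return self._keys.get(epoch)


def _tag(key, body, ip, port):
    # Bind the token to the client address it was issued to.
    msg = body + ip.encode() + struct.pack("!H", port)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def make_token(ring, ip, port, orig_dcid):
    epoch, key = ring.newest()
    # epoch | dcid length | dcid; the length prefix keeps parsing unambiguous
    body = struct.pack("!IB", epoch, len(orig_dcid)) + orig_dcid
    return body + _tag(key, body, ip, port)


def validate_token(ring, token, ip, port):
    """Return the original DCID if the token is valid for this address, else None."""
    if len(token) < 5 + TAG_LEN:
        return None
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    epoch, dcid_len = struct.unpack("!IB", body[:5])
    key = ring.get(epoch)
    if key is None or len(body) != 5 + dcid_len:
        return None  # unknown or retired epoch, or malformed body
    if not hmac.compare_digest(tag, _tag(key, body, ip, port)):
        return None
    return body[5:]
```

The epoch number carried in the token lets the validator pick the right key without trial verification, and dropping all but the two newest epochs bounds a token's lifetime to at most two rotation intervals.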

Labels

Area: API
Area: Core (Related to the shared, core protocol logic)
Area: Security (Related to security or quality testing)
feature request (A request for new functionality)

Status

In Progress
