Stateless reset token must be difficult to guess #4520

@maskit

  • STATELESS_RESET_TOKEN_KEY should be configurable
  • CID should be used as a salt

```cpp
QUICStatelessResetToken::_gen_token(uint64_t data)
{
  CryptoHash _hash;
  static constexpr char STATELESS_RESET_TOKEN_KEY[] = "stateless_token_reset_key";
  CryptoContext ctx;
  ctx.update(STATELESS_RESET_TOKEN_KEY, strlen(STATELESS_RESET_TOKEN_KEY));
  ctx.update(reinterpret_cast<void *>(&data), 8);
  ctx.finalize(_hash);
```

   A single static key can be used across all connections to the same
   endpoint by generating the proof using a second iteration of a
   preimage-resistant function that takes a static key and the
   connection ID chosen by the endpoint (see Section 5.1) as input.  An
   endpoint could use HMAC [RFC2104] (for example, HMAC(static_key,
   connection_id)) or HKDF [RFC5869] (for example, using the static key
   as input keying material, with the connection ID as salt).  The
   output of this function is truncated to 16 octets to produce the
   Stateless Reset Token for that connection.
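
The derivation described in the quoted draft text, as an added example that is not part of the original issue or the project's code: both the HMAC and the HKDF variant, keyed with an operator-supplied secret and bound to the connection ID. SHA-256 as the hash, the function names, the `load_static_key` loader and its 32-byte minimum are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

TOKEN_LEN = 16  # the draft truncates the output to 16 octets


def load_static_key(hex_value: str) -> bytes:
    """Hypothetical config loader: the key comes from the operator, not the source."""
    key = bytes.fromhex(hex_value)
    if len(key) < 32:  # assumed minimum for this sketch
        raise ValueError("static key must be at least 32 bytes")
    return key


def token_hmac(static_key: bytes, connection_id: bytes) -> bytes:
    """HMAC(static_key, connection_id), truncated to 16 octets."""
    return hmac.new(static_key, connection_id, hashlib.sha256).digest()[:TOKEN_LEN]


def token_hkdf(static_key: bytes, connection_id: bytes, info: bytes = b"") -> bytes:
    """HKDF-SHA256 (RFC 5869): static key as IKM, connection ID as salt."""
    # Extract: PRK = HMAC(salt, IKM)
    prk = hmac.new(connection_id, static_key, hashlib.sha256).digest()
    # Expand: only the first block T(1) is needed for a 16-octet token
    okm = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()
    return okm[:TOKEN_LEN]


def is_expected_token(static_key: bytes, connection_id: bytes, received: bytes) -> bool:
    """Constant-time comparison of a received token with the derived one."""
    return hmac.compare_digest(token_hmac(static_key, connection_id), received)


if __name__ == "__main__":
    key = load_static_key(secrets.token_hex(32))  # constructed per-deployment key
    cid = bytes.fromhex("0102030405060708")       # constructed connection ID
    print("HMAC token:", token_hmac(key, cid).hex())
    print("HKDF token:", token_hkdf(key, cid).hex())
```
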
