External DDoS Support for Retry Token Key Configuration #5005
Comments
nibanks
added
Area: API
Area: Security
|
To implement this, we should add a new global parameter,
The secret will need to be stored in We will also need to standardize and document the method for calculating derived keys based on time and base secret. The current logic is: uint8_t RawKey[CXPLAT_AEAD_AES_256_GCM_SIZE];
CxPlatCopyMemory(
RawKey,
MsQuicLib.BaseRetrySecret,
sizeof(MsQuicLib.BaseRetrySecret));
for (size_t i = 0; i < sizeof(KeyIndex); ++i) {
RawKey[i] ^= ((uint8_t*)&KeyIndex)[i];
} |
|
Another thought: if we use a parameter for this, it would be required to be wired up to all the layers on top. For instance, if you want Windows HTTP to take advantage of this, HTTP and possibly IIS would have to be updated. OR, we have a registry key that backs this as well, though, it's generally not a great idea to store secrets in the registry. |
nibanks
changed the title
|
If the app/admin is setting the key directly, then MsQuic wouldn't be generating subkeys from that anymore, right? |
Describe the feature you'd like supported
MsQuic supports Retry Token mechanism to validate client's address. To generate/validate Retry Token, a key is used as well to add entropy. Ask is to support a configuration path for these keys i.e. keys should be accepted as configuration from some external service. This external service will rotate and send new keys every X seconds.
Proposed solution
This is needed so that Ddos solution and MsQuic solution can share keys. Idea is for ddos and msquic to work in conjunction and use same keys and same encryption APIs so that either can generate a token and both can validate it correctly.
Additional context
No response
The text was updated successfully, but these errors were encountered: