
"If somebody wants to track you with CurveCP they'd be just as able to use this cookie as they would the QUIC "source address token"."

https://curvecp.org/confidentiality.html

"Two minutes after a connection is closed, the server is unable to extract the client's long-term public key from the network packets that were sent to that server, and is unable to verify the client's long-term public key from the network packets."

"The second packet from the client contains a cookie from the server. This cookie is actually a cryptographic box that can be understood only by a "minute key" in the server. Two minutes later the server has discarded this key and is unable to extract any information from the cookie."

By contrast, the paper suggests QUIC source address tokens have no expiration and are retained for a minimum of 11 days by the existing QUIC-compatible browsers.

https://curvecp.org/packets.html

"Server Cookie packet details

A Cookie packet is a 200-byte packet with the following format:

8 bytes: the ASCII bytes "RL3aNMXK".

16 bytes: the client's extension.

16 bytes: the server's extension.

16 bytes: a server-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "CurveCPK" to form a 24-byte nonce.

144 bytes: a cryptographic box encrypted and authenticated to the client's short-term public key C' from the server's long-term public key S using this 24-byte nonce. The 128-byte plaintext inside the box has the following contents:

32 bytes: the server's short-term public key S'.

96 bytes: the server's cookie."

It appears CurveCP's two-minute server cookie lacks any easily usable tracking information. There is no client IP address, no long-term client public key, no long-term server public key.

In contrast, the paper suggests QUIC's evergreen source address token containing the client IP address is intended to be reused in subsequent connections and can be easily used for tracking:

"The client caches the source address token and presents it to the server during the setup of a new connection. This allows a server to link the connection where the source-address token is initially issued with each subsequent connections where the same token is presented during the CHLO message. Finally, this enables the server to identify a chain of connections associated with a user."
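Added example, not part of the original comment or of any CurveCP implementation: a parser for the 200-byte Cookie packet layout quoted above, separating the fields that travel in cleartext from the 144-byte box. The function names and the sample packet are constructed for illustration; decrypting the box needs the keys and a NaCl library, so it is left opaque here.

```python
import struct
from typing import NamedTuple

MAGIC = b"RL3aNMXK"          # 8-byte packet identifier from the quoted format
NONCE_PREFIX = b"CurveCPK"   # implicit prefix of the 16-byte compressed nonce
PACKET_LEN = 200
# 8 magic + 16 client ext + 16 server ext + 16 compressed nonce + 144 box
_LAYOUT = struct.Struct("<8s16s16s16s144s")


class CookiePacket(NamedTuple):
    client_extension: bytes  # cleartext
    server_extension: bytes  # cleartext
    nonce: bytes             # full 24-byte nonce, prefix restored
    box: bytes               # 144 bytes, unreadable without the keys


class BoxPlaintext(NamedTuple):
    server_short_term_pk: bytes  # S', 32 bytes
    server_cookie: bytes         # 96 bytes, sealed under the server's minute key


def parse_cookie_packet(data: bytes) -> CookiePacket:
    """Split a Cookie packet into its fields; reject wrong length or magic."""
    if len(data) != PACKET_LEN:
        raise ValueError(f"expected {PACKET_LEN} bytes, got {len(data)}")
    magic, c_ext, s_ext, compressed_nonce, box = _LAYOUT.unpack(data)
    if magic != MAGIC:
        raise ValueError("not a CurveCP Cookie packet")
    return CookiePacket(c_ext, s_ext, NONCE_PREFIX + compressed_nonce, box)


def split_box_plaintext(plaintext: bytes) -> BoxPlaintext:
    """Split the 128-byte plaintext of an already opened box."""
    if len(plaintext) != 128:
        raise ValueError(f"expected 128 bytes, got {len(plaintext)}")
    return BoxPlaintext(plaintext[:32], plaintext[32:])


def build_sample_packet() -> bytes:
    """Constructed sample: filler bytes stand in for real extensions and box."""
    return MAGIC + b"\xc1" * 16 + b"\x51" * 16 + bytes(range(16)) + b"\xbb" * 144


if __name__ == "__main__":
    pkt = parse_cookie_packet(build_sample_packet())
    print("nonce:", pkt.nonce.hex(), "| box bytes:", len(pkt.box))
```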



