marcus_holmes 4 days ago

I'm curious that he appears to completely ignore the network latency/jitter on the return path. How does this work?

albinowax_ 4 days ago

With the single-packet attack, you look at the order that the responses arrive in, instead of the time they take to arrive. Since the responses are on a single TLS stream, they always arrive at the client in the order that the server issued them in. Hope that makes sense!

tptacek 4 days ago

I take them to be asking why jitter on the return path doesn't confound the results, regardless of the trick used to ensure they arrive concurrently (and cancel out the jitter on the ingress path). The responses to single-packet H2 attacks are not themselves single packets.

marcus_holmes 3 days ago

Yes to both!

It makes sense that the packets return in an order that provides information, but we're talking about timing differences of a few ms; as tptacek says, I would expect that there's some network jitter on the return path that has to be allowed for with timings this small?

Yet apparently not - obviously the attacks are working. Does he somehow know when the response left the server?