That's not true. QUIC's encrypted traffic does not protect against MITM.

QUIC uses TLS1.2 (or higher), so the guarantees are the same as for HTTPS streams. That means it protects the data streams against MitM.

▲

nabla9 3 days ago | parent | next [-]

Not any different from TLS.1.2 over TCP.

https://en.wikipedia.org/wiki/File:HTTP-1.1_vs._HTTP-2_vs._H...

Here is good intro for you:

The Security Challenges of HTTP/3 and QUIC — What You Need to Know https://medium.com/@RocketMeUpCybersecurity/the-security-cha...

▲

lazide 3 days ago | parent | prev [-]

Not if they have a root cert.

▲

viraptor 3 days ago | parent | next [-]

That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM.

	▲	lazide 2 days ago \| parent [-]
		Pre-cert usage/issuance lists, it would take a keen eye to spot auto-mitm using root certs.

▲

Thorrez 3 days ago | parent | prev [-]

If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.

▲

eptcyka 3 days ago | parent [-]

Kazakhstan literally forced their own cert for lots of popular sites for a while, expecting users to click the through and accept them. It was made illegal to not accept government certificates.

	▲	esafak 3 days ago \| parent \| next [-]
		https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_a...
	▲	Thorrez 2 days ago \| parent \| prev [-]
		Was Kazakhstan successful? esafak's link seems to imply it wasn't very successful. Anyways, my point wasn't that a government can't MITM using a root cert. My point is that the government can't do so secretly. The whole world will know if they try.