Let's pull out one issue from #35 that likely needs separate treatment.
So the security consideration says:
Since proxies that forward QUIC packets do not perform any
cryptographic integrity check, it is possible that these packets are
either malformed, replays, or otherwise malicious. This may result
in proxy targets rate limiting or decreasing the reputation of a
given proxy.
So this is indicating that you agree that forwarded traffic may misbehave and cause reactions in the network. Based on this I think any reuse of 5-tuples between the proxy and the target between multiple clients results in that one MASQUE client and its users could affect the flow of another MASQUE client through its traffic beyond traffic volume. I think that should most definitely be discussed, and I think this is too dangerous and should be recommended against.
I further think clients need to have some control over re-use of the target-facing proxy socket. This is because a MASQUE client that represents multiple different users, for example some type of gateway from a network, may not have trust that all its users are well-behaved citizens, and thus one user's traffic should not have fate-sharing with another's.
While I see the concerns, I think we should describe them rather than prohibit anything. If the target is well-known, such as another proxy if we are doing multiple proxy hops, then the concerns about reuse may not apply.
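Added example, not part of the thread or of the draft: a small Python model of the fate-sharing concern discussed above, comparing three ways a proxy could map clients to target-facing 5-tuples. The policy names, the `isolation_key` parameter, the addresses and the target's penalty threshold are all assumptions made for illustration; the draft defines none of them.

```python
from collections import defaultdict
from itertools import count

PROXY_IP = "192.0.2.10"  # constructed address (TEST-NET-1)

class TargetFacingSockets:
    """Hypothetical allocator for the proxy's target-facing source ports."""
    def __init__(self, policy):
        assert policy in ("shared", "per_client", "per_isolation_key")
        self.policy, self._ports, self._next = policy, {}, count(40000)

    def five_tuple(self, client, target, isolation_key=None):
        if self.policy == "shared":          # every client reuses one socket
            key = target
        elif self.policy == "per_client":    # one socket per MASQUE client
            key = (client, target)
        else:                                # client-chosen key (assumed signal)
            key = (client, isolation_key, target)
        if key not in self._ports:
            self._ports[key] = next(self._next)
        return ("udp", PROXY_IP, self._ports[key], *target)

class Target:
    """Simplified target: penalises a 5-tuple after repeated bad packets."""
    def __init__(self, threshold=3):
        self.bad, self.threshold = defaultdict(int), threshold

    def receive(self, tup, valid):
        if self.bad[tup] >= self.threshold:
            return "dropped"                 # reputation of this 5-tuple is gone
        if not valid:
            self.bad[tup] += 1
            return "rejected"
        return "accepted"

def run(policy):
    """One gateway user sends malformed packets; report who else is affected."""
    socks, target = TargetFacingSockets(policy), Target()
    dst = ("198.51.100.7", 443)              # constructed target (TEST-NET-2)
    for _ in range(3):
        target.receive(socks.five_tuple("gw", dst, "user-a"), valid=False)
    return {
        "other_client": target.receive(
            socks.five_tuple("client-2", dst), valid=True),
        "same_gateway_other_user": target.receive(
            socks.five_tuple("gw", dst, "user-b"), valid=True),
    }

if __name__ == "__main__":
    for p in ("shared", "per_client", "per_isolation_key"):
        print(p, run(p))
```

Per-client sockets protect other MASQUE clients but not other users behind the same gateway; only the client-controlled key separates those.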