near_path_nat.md says:

> For HTTP/3 traffic the browser assembled UDP packets are sent via MASQUE to the IPPS and then the IPPS sends the UDP packets to the target server, essentially just adding the IP header. The IPPS forwards data received from the target server back to the browser via the same MASQUE streams that the outgoing data traversed.

Is there an analysis somewhere of how much the ability of a group of servers to directly observe packet loss (because forwarding happens at the UDP level) allows them to correlate connections? (The same question obviously also exists for connections that either drop entirely or strongly change their latency because the user switched between wifi and mobile networks, but I guess that's less avoidable.)
Hi! I'm the editor of the MASQUE specifications. I think this is something we'll want to add to our Security Considerations section, but I'm not particularly worried about this attack in practice. These proxies will carry many simultaneous connections so the resources required to perform this limited correlation will be incredibly high. I'm not aware of a mathematical analysis though, and if someone were to make one I'd be happy to refer to it in the spec.