[Question] Stateless Reset Oracle Attack

[reteps]

Hi there, I am performing a research project to follow up some of the analysis done in "A Quic(k) Security Overview: A Literature Research on Implemented Security Recommendations"

According to their findings, the Stateless Reset Oracle defenses described in RFC 9000 21.11 has not been implemented in aiohttp.

I was hoping to:

1. confirm that this isn't something the library handles
2. check whether you would accept a PR defending against this attack

Thanks!

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[reneleonhardt]

@jlaine Can someone reply before this security question will be closed automatically?