Hi, I think it is great that QUIC has such a strict anti-amplification limit. I hope this will be an inspiration for the rest of the IETF. DDoS attacks is a real problem and IETF and other SDOs has often been a bit naive when it comes to amplification attacks.
I am currently working on a draft suggesting that CoAP shoud do something similar as QUIC. https://datatracker.ietf.org/doc/draft-mattsson-core-coap-attacks/ Was there any discussion behind the specific 3x limit? Cheers, John
