> and that is part of the problem. what can protocol authors do to ensure their protocols are not vulnerable to such attacks? and what can implementers do about protocols that were never designed with such attacks in mind? we don't currently have these answers.
In the cryptography community, each use of a key comes with context parameter, often mixed into the digest or such, that prevents signed data from being mis-used. In the QUIC protocol, lookup backoff and amplification. Similarly for DNS. If your protocol is TCP-based it is easier to find and block attackers because you know the return address is invalid. If it's UDP-based it's harder because attackers can fake the return address to be that of their victim. -- Witarea mailing list -- [email protected] To unsubscribe send an email to [email protected]
