On 03/28/2013 04:57 PM, Kevin Chadwick wrote:
>
>> listened to the dangers and even now simply redesigned DNSSEC.
>
> Or they could fudge it by making every request requiring padding larger
> than the response. Bandwidth would increase astronomically but amp
> attacks would have to find other avenues.
>

Infeasible; the requester cannot know the size of the response in advance. If a packet comes in, and the response is larger than the request, is it really an amp packet, did the client not know, or is the server misconfigured and not limiting the response data as much as it could?