target = "https://www.rfc-editor.org/rfc/rfc9000#section-21.3"

# 21.3.  Amplification Attack
#
# An attacker might be able to receive an address validation token
# (Section 8) from a server and then release the IP address it used to
# acquire that token.  At a later time, the attacker can initiate a
# 0-RTT connection with a server by spoofing this same address, which
# might now address a different (victim) endpoint.  The attacker can
# thus potentially cause the server to send an initial congestion
# window's worth of data towards the victim.
# 
# Servers SHOULD provide mitigations for this attack by limiting the
# usage and lifetime of address validation tokens; see Section 8.1.3.

[[spec]]
level = "SHOULD"
quote = '''
Servers SHOULD provide mitigations for this attack by limiting the
usage and lifetime of address validation tokens; see Section 8.1.3.
'''