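# Requirement-tracking entry for the packet reflection (amplification)
# mitigation section of RFC 9001. The commented block below is the section
# text, kept for reference; only the [[spec]] table is machine-readable.
target = "https://www.rfc-editor.org/rfc/rfc9001#section-9.3"

# 9.3. Packet Reflection Attack Mitigation
#
# A small ClientHello that results in a large block of handshake
# messages from a server can be used in packet reflection attacks to
# amplify the traffic generated by an attacker.
#
# QUIC includes three defenses against this attack. First, the packet
# containing a ClientHello MUST be padded to a minimum size. Second,
# if responding to an unverified source address, the server is
# forbidden to send more than three times as many bytes as the number
# of bytes it has received (see Section 8.1 of [QUIC-TRANSPORT]).
# Finally, because acknowledgments of Handshake packets are
# authenticated, a blind attacker cannot forge them. Put together,
# these defenses limit the level of amplification.

# NOTE(review): this is the only sentence in the section that carries a
# normative keyword, so it is the only [[spec]] entry. The section does not
# state the numeric minimum; it comes from [QUIC-TRANSPORT] (RFC 9000,
# Section 14.1, datagram size for Initial packets). The 3x send limit for
# unverified addresses is likewise specified in Section 8.1 of
# [QUIC-TRANSPORT]. Both should be covered by that document's entries;
# confirm they are tracked there.
[[spec]]
level = "MUST"
quote = '''
First, the packet
containing a ClientHello MUST be padded to a minimum size.
'''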