by baby_souffle
983 days ago

> Small, less complex protocols are inherently less likely to be insecure all things being equal, simply due to reduced attack surface.

That feels intuitive in the "less code is less bugs is less security issues" sense but implies that "secure" and "can't be abused" are the same thing. Related? Sure. Same? No. Oddly enough, we probably could have prevented the replay/amplification DoS attacks that use DNS by making DNS more complex / adding mutual authentication so it's not possible for A to request something that is then sent to B.

In practice though the only way to "fix" DNS that would've worked in the 80s would've probably been to require the request be padded to larger than the response...
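
The padding rule suggested in the comment above, sketched as an added example that is not part of the thread: a responder never sends more bytes than it received, and otherwise returns a truncated (TC=1) stub. The trailing zero-byte padding, the TC fallback and all function names are assumptions made for illustration.

```python
import struct

QR, TC = 0x8000, 0x0200  # DNS header flag bits: response, truncated

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_query(name, txid=0x1234, pad=0):
    # Header (RD set, 1 question) + question (type A, class IN). `pad` zero
    # bytes model the proposed padding; they are not a real DNS field.
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1) + b"\x00" * pad

def question_end(msg):
    # Walk the length-prefixed labels of the first question, then type + class.
    i = 12
    while msg[i] != 0:
        if msg[i] & 0xC0:
            raise ValueError("compressed name in question not supported")
        i += 1 + msg[i]
    return i + 5

def build_response(request, txt_len):
    # Constructed sample answer: one TXT record holding txt_len bytes.
    txid, flags = struct.unpack("!2H", request[:4])
    header = struct.pack("!6H", txid, flags | QR, 1, 1, 0, 0)
    rdata = bytes([txt_len]) + b"x" * txt_len
    rr = struct.pack("!3HIH", 0xC00C, 16, 1, 300, len(rdata)) + rdata
    return header + request[12:question_end(request)] + rr

def enforce(request, response):
    # Policy: never send more bytes than were received.
    if len(response) <= len(request):
        return response
    # Too large: echo only the question with TC set, so a real client retries
    # over TCP and a spoofed source address receives no amplified reply.
    txid, flags = struct.unpack("!2H", request[:4])
    header = struct.pack("!6H", txid, flags | QR | TC, 1, 0, 0, 0)
    return header + request[12:question_end(request)]

def amplification(request, reply):
    # Bytes sent toward the (possibly spoofed) source per byte received.
    return len(reply) / len(request)
```
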