No, but QUIC definitely falls in the overly complicated category, spanning multi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		supriyo-biswas on Oct 19, 2023 \| parent \| context \| favorite \| on: Apache HTTP Server 2.4.58 (CVE fixes) No, but QUIC definitely falls in the overly complicated category, spanning multiple, large RFCs. This attack is just about failing to enforce the negotiated parameters during the start phase of the connection.

mnot on Oct 19, 2023 [–]

Wait till you see the TCP RFCs…

supriyo-biswas on Oct 19, 2023 | [–]

I guess it helps that TCP is usually covered to some extent in an undergrad course, and also that it's unencrypted.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact