[standards-jig] IBB: Making it all "go"

Dave Smith dizzyd at jabber.org
Wed Apr 9 01:51:07 UTC 2003


----- Original Message -----
From: "Richard Dobson" <richard at dobson-i.net>
To: <standards-jig at jabber.org>
Sent: Tuesday, April 08, 2003 5:26 PM
Subject: Re: [standards-jig] IBB: Making it all "go"


> Also what about using a jabber:x:expire of a few minutes on the message
> packets to make sure they won't get stored for too long.
>
> But I do see the problem of easier denial of service if message packets
> are used in this manner to transfer the data rather than iq, i.e.
> sending lots and lots of packets that get stored offline and then when
> they are delivered to the user could hold up their connection for ages
> or maybe even cause a karma problem (does karma affect the direction of
> server to client?).

Well, this is a more general problem with offline storage -- anyone could do
this DoS, regardless of whether they were using the IBB protocol. So it doesn't
really make anything "easier". The only way to really deal with this problem
would be to make offline storage work with a POP/IMAP style interface
instead of always flushing every message. From a protocol standpoint, we
could certainly dictate that the IBB protocol MUST close the stream if the
recipient party becomes unavailable. That doesn't really fix anything, but
does provide some strong suggestions to thwart unintentional DoS -- of
course, what "real" DoS'er would follow something that's merely a
convention? :)

Bottom line, I think we simply establish a convention in the JEP whereby the
IBB system SHOULD/MUST close the stream when the target party goes offline.

Of note, karma is only an inbound restrictor, never outbound. The server
sends packets as quickly as possible to the client.

Diz
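
The convention proposed above (close the stream when the target goes offline), sketched from the sender's side as an added example that is not part of the original message or of any JEP text. The class name, JIDs and stanzas are constructed, and the namespace and element names are assumed from the later published XEP-0047 rather than the draft discussed in this thread.

```python
import base64
import xml.etree.ElementTree as ET

# Assumption: namespace and element names follow the later published XEP-0047.
IBB_NS = "http://jabber.org/protocol/ibb"

class IBBSender:
    """Sender side of one in-band bytestream (hypothetical helper)."""

    def __init__(self, sid, target_jid):
        self.sid, self.target = sid, target_jid   # target is a full JID
        self.seq, self.is_open = 0, True
        self.outbox = []                          # serialized stanzas to send

    def send_chunk(self, payload: bytes) -> bool:
        """Queue one data packet; refuse once the stream is closed, so
        nothing further can pile up in the target's offline storage."""
        if not self.is_open:
            return False
        msg = ET.Element("message", {"to": self.target})
        data = ET.SubElement(msg, f"{{{IBB_NS}}}data",
                             {"sid": self.sid, "seq": str(self.seq)})
        data.text = base64.b64encode(payload).decode("ascii")
        self.outbox.append(ET.tostring(msg, encoding="unicode"))
        self.seq += 1
        return True

    def on_presence(self, stanza_xml: str) -> None:
        """Close the stream when the target resource goes unavailable.
        Stanzas are assumed to arrive already framed by the XMPP library."""
        p = ET.fromstring(stanza_xml)
        if p.tag.rsplit("}", 1)[-1] != "presence" or p.get("type") != "unavailable":
            return
        if p.get("from") != self.target or not self.is_open:
            return                                # other contact or resource
        self.is_open = False
        iq = ET.Element("iq", {"type": "set", "to": self.target})
        ET.SubElement(iq, f"{{{IBB_NS}}}close", {"sid": self.sid})
        self.outbox.append(ET.tostring(iq, encoding="unicode"))

def demo():
    # Constructed stanzas: another resource leaves first, then the target.
    s = IBBSender("s1", "romeo@example.net/orchard")
    s.send_chunk(b"chunk-0")
    s.on_presence("<presence from='romeo@example.net/balcony' type='unavailable'/>")
    s.send_chunk(b"chunk-1")
    s.on_presence("<presence from='romeo@example.net/orchard' type='unavailable'/>")
    return s.send_chunk(b"chunk-2"), len(s.outbox)  # two data stanzas + one close
```

This only constrains a cooperating sender; a server-side limit on offline storage is still needed against a sender that ignores the convention.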



