[Standards-JIG] Pre-Proto XEP - Karma

Pedro Melo melo at co.sapo.pt
Fri Jan 5 13:59:47 UTC 2007


HI again,

On Jan 4, 2007, at 11:23 PM, Chris Mullins wrote:
> I was looking to see what exists today for standards around Karma,  
> and I didn’t see anything. I know many servers today implement rate  
> limiting, but as far as I can tell, each does it differently.
>
> This seems like it would make a great XEP, and allow for a richer  
> model of communication within the entire federated XMPP network.
>
> Some of the things that come to mind are:
On top of the other two I've already sent, there are also limits at  
the XML parser that should be considered:

  - max node name size: sending <screeeeeeeeeee(insert enourmus  
amounts of e's here)eeam> is probably going to kill you XML parser;
  - max number of node attributes;
  - max attribute name and attribute value sizes;
  - max size for char sequences between elements.

this ones should make sure that you at least receive a SAX event  
before exausting your memory.

FYI,  I don't know any XML parser that implements this. I would love  
to know one. It crossed my mind several times that a simple xml  
parser, with just enough features to support XMPP, and having a focus  
on denial-of-service attacks would be a wonderfull Google Summer of  
Code project.

Best regards,
--
HIId: Pedro Melo
SMTP: melo at co.sapo.pt
XMPP: pedro.melo at sapo.pt




More information about the Standards mailing list