[Standards] Proposed XMPP Extension: Best Practices to Discourage Denial of Service Attacks Against XMPP Servers

Peter Saint-Andre stpeter at jabber.org
Tue Jan 23 17:02:52 UTC 2007


Kevin Smith wrote:
> On 22 Jan 2007, at 17:55, Peter Saint-Andre wrote:
> 
>> XMPP Extensions Editor wrote:
>>> The XMPP Extensions Editor has received a proposal for a new XEP.
>>> Title: Best Practices to Discourage Denial of Service Attacks Against 
>>> XMPP Servers
>>> Abstract: This document recommends a number of practices that can 
>>> help discourage denial of service attacks on XMPP-based networks.
>>> URL: http://www.xmpp.org/extensions/inbox/dos.html
>>
>> Just a little something I wrote up over the weekend. It needs to be 
>> expanded a bit before the XMPP Council decides whether to accept it.
> 
> Within the 'Specific recommendations to follow' of Karma usage - what do 
> people really think of Karma? While I agree that it's desirable to stop 
> people overloading servers, I'm a bit concerned that low karma limits 
> will do more damage than good, and we should think reasonably carefully 
> about recommending levels.

That's true of all the levels (stanza size etc.). Plus we need to define 
"karma" more carefully in the first place -- some servers have rather 
complex formulas for it...

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070123/09385777/attachment.bin>


More information about the Standards mailing list