[Standards] Proposed XMPP Extension: Best Practices to Discourage Denial of Service Attacks Against XMPP Servers

Nicholas Parker nickp at bu.edu
Tue Jan 23 19:50:11 UTC 2007

I'm not terribly clear on what is meant by Karma in the XEP; the following assumes that it goes by
the common definition of 'ratings applied to users on a network': Karma is also prone to DoS, in
the form of coordinated attacks against individuals by having multiple people 'de-Karma' a given

Maybe if it was just on level with how much trust a given user had, so that you could only
withhold a positive rating, rather than give a negative rating. In this sense, users start out
with 0 and move up from there as they become better-liked. In other words, setting a bottom limit
to Karma would rein in the negative effects of a coordinated attack on a given individual's

> On 22 Jan 2007, at 17:55, Peter Saint-Andre wrote:
>> XMPP Extensions Editor wrote:
>>> The XMPP Extensions Editor has received a proposal for a new XEP.
>>> Title: Best Practices to Discourage Denial of Service Attacks
>>> Against XMPP Servers
>>> Abstract: This document recommends a number of practices that can
>>> help discourage denial of service attacks on XMPP-based networks.
>>> URL: http://www.xmpp.org/extensions/inbox/dos.html
>> Just a little something I wrote up over the weekend. It needs to be
>> expanded a bit before the XMPP Council decides whether to accept it.
> Within the 'Specific recommendations to follow' of Karma usage - what
> do people really think of Karma? While I agree that it's desirable to
> stop people overloading servers, I'm a bit concerned that low karma
> limits will do more damage than good, and we should think reasonably
> carefully about recommending levels.
> /K
> --
> Kevin Smith
> Psi XMPP Client Project Leader (http://psi-im.org)
