[Standards] Proposed XMPP Extension: Best Practices to Discourage Denial of Service Attacks Against XMPP Servers

Stephan Maka stephan at spaceboyz.net
Mon Jan 29 20:58:52 UTC 2007


Section 4.5 Stanza Size

In example 2 the server responds with a stanza including all children.
Because the client has already exceeded the stanza size, the server
should reduce bandwidth usage by only including the <error/> child.

Example 3 looks like the right answer to an open element with megabytes
of text. It should be hinted that this DoS protection should occur at
the XML parser level.

Is there already some kind of negotiation of stanza sizes, preventing
users from just pasting a 1M document inside their clients?


Stephan.
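
An added illustration of the parser-level limit suggested in the message above (not part of the original post and not code from any XMPP server): an incremental expat parser that counts the bytes of the unfinished stanza and rejects the stream before the element is complete. The class and function names, the limit values and the sample stream are assumptions constructed for this example.

```python
import xml.parsers.expat

# Constructed stream header, used as sample input only.
HEADER = (b"<stream:stream xmlns='jabber:client' "
          b"xmlns:stream='http://etherx.jabber.org/streams'>")

class StanzaTooLarge(Exception):
    """The unfinished stanza has grown past the configured byte limit."""

class LimitedStreamParser:  # hypothetical name
    def __init__(self, limit):
        self.limit = limit      # assumed per-stanza limit in bytes
        self.depth = 0          # 1 = inside <stream:stream>, 2+ = inside a stanza
        self.consumed = 0       # total bytes handed to expat
        self.mark = 0           # byte offset of the last stanza boundary seen
        self.completed = []     # stanzas that closed within the limit
        self._p = xml.parsers.expat.ParserCreate()
        self._p.StartElementHandler = self._start
        self._p.EndElementHandler = self._end

    def _start(self, name, attrs):
        self.depth += 1
        if self.depth <= 2:     # stream header or opening tag of a stanza
            self.mark = self._p.CurrentByteIndex

    def _end(self, name):
        if self.depth == 2:     # stanza complete: the byte budget starts over
            self.completed.append(name)
            self.mark = self._p.CurrentByteIndex
        self.depth -= 1

    def feed(self, chunk):
        # No tree is built, so pending data is bounded by the limit plus one
        # chunk; checking after every read also covers a start tag that
        # never closes, because the mark does not move until a tag is parsed.
        self._p.Parse(chunk, False)
        self.consumed += len(chunk)
        if self.consumed - self.mark > self.limit:
            raise StanzaTooLarge(f"{self.consumed - self.mark} bytes pending")

def feed_all(parser, chunks):
    """Feed chunks in order; return (chunks accepted, whether it was rejected)."""
    accepted = 0
    for chunk in chunks:
        try:
            parser.feed(chunk)
        except StanzaTooLarge:
            return accepted, True
        accepted += 1
    return accepted, False
```

The budget is measured from the last tag boundary expat reported, so the stream header counts against the first stanza and the overshoot is at most one read-sized chunk.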