[Standards] LAST CALL: XEP-0205 (Best Practices to Discourage Denial of Service Attacks)

Peter Saint-Andre stpeter at stpeter.im
Fri Dec 19 22:48:59 UTC 2008


Pedro Melo wrote:
> 
> On Nov 12, 2008, at 2:42 PM, Dave Cridland wrote:
>
>> I also noted (when reading through the XEP alongside your review) that
>> in section 5, it suggests that stream compression might relax limits -
>> it's possibly worth noting that it's possible to use DEFLATE as a
>> traffic amplification attack, so I'm not convinced this is good advice.
> 
> I meant to comment on that and missed my marker. I think the limits of
> bandwidth should be applied after decompression.

That seems sensible. I'll update the document accordingly.

Peter



More information about the Standards mailing list