[Standards] LAST CALL: XEP-0205 (Best Practices to Discourage Denial of Service Attacks)
stpeter at stpeter.im
Fri Dec 19 22:51:21 UTC 2008
Peter Saint-Andre wrote:
> Pedro Melo wrote:
>> On Nov 12, 2008, at 2:42 PM, Dave Cridland wrote:
>>> I also noted (when reading through the XEP alongside your review) that
>>> in section 5, it suggests that stream compression might relax limits -
>>> it's possibly worth noting that it's possible to use DEFLATE as a
>>> traffic amplification attack, so I'm not convinced this is good advice.
>> I meant to comment on that and missed my marker. I think the limits of
>> bandwidth should be applied after decompression.
> That seems sensible. I'll update the document accordingly.
In fact I think that it's better to remove that paragraph.
More information about the Standards