[Standards] SIFT revisited

Dave Cridland dave at cridland.net
Sat Jun 6 09:15:12 UTC 2009


On Sat Jun  6 02:54:44 2009, Brian Cully wrote:
> Sorry, on my phone so I can't do proper inline replies.
> 
> Maybe I'm missing something, but preserving presence on the server   
> until a subsequent iq or message stanza leads to dos attacks via   
> resource consumption. Is that not what you were advocating?

Well, I'm assuming there's details to be worked out. That attack is  
instantly mitigated by allowing the server to flush down presence  
after a timeout, or when it becomes "big", or just "because".

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade



More information about the Standards mailing list