[Standards] XEP-0138: security considerations

Kevin Smith kevin at kismith.co.uk
Thu Apr 24 16:50:54 UTC 2014


On Mon, Apr 14, 2014 at 5:48 PM, Waqas Hussain <waqas20 at gmail.com> wrote:
> 1. A server doing anything interesting (e.g., smart dynamic limits based on
> currently available resources) shouldn't be disallowed from using resources
> that are available and unused. If a server has 100GB of free RAM, no CPU
> usage, a client sends a 100MB gzipped payload, which expands into a 1GB
> stanza, and is directed to e.g., the client itself, the server should be
> allowed to accept it if it deems it reasonable. A better thing to do is to
> require mitigation of attacks, but only make suggestions on how to do it. We
> shouldn't require specific ways of doing it, not with a MUST. Specs
> shouldn't dictate implementation details.

Right.

The spec should draw attention to possible issues, and suggest ways an
implementation might deal with them. Which methods are used isn't
appropriate for the spec. We can say "MUST somehow mitigate" if we
want to, but shouldn't mandate particular methods of mitigation.

And especially shouldn't encourage behaviour we know to be harmful,
like S2S throttling.

/K
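One concrete shape the "somehow mitigate" advice can take, shown as an added example that is not part of this thread or of any XMPP server's code: inflate the compressed stream incrementally and abort the moment the expanded size or the expansion ratio crosses a server-chosen bound. The limits (`max_output`, `max_ratio`, `chunk_size`) are policy knobs an implementation would set from its own resources, exactly the freedom the posts above argue the spec should leave open; the names, the sample stanza and the constructed "bomb" payload are all assumptions of this example.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when inflating a payload would exceed the configured bounds."""


def decompress_bounded(payload: bytes, max_output: int, max_ratio: float = 200.0,
                       chunk_size: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream in bounded chunks.

    Two server-chosen limits are enforced while inflating, so memory use
    never exceeds max_output plus one chunk regardless of what the peer sent:
      * max_output: absolute cap on the expanded size in bytes
      * max_ratio:  cap on expanded bytes per consumed compressed byte
    Both values are policy, not protocol; a server with plenty of headroom
    can raise them, a constrained one can lower them.
    """
    inflater = zlib.decompressobj()
    output = bytearray()
    pending = payload
    while pending and not inflater.eof:
        # max_length caps how much this call may emit; input it could not yet
        # process is kept in unconsumed_tail for the next iteration.
        piece = inflater.decompress(pending, chunk_size)
        output += piece
        pending = inflater.unconsumed_tail
        consumed = len(payload) - len(pending)
        if len(output) > max_output:
            raise DecompressionLimitExceeded(
                f"inflated size exceeds {max_output} bytes "
                f"after consuming {consumed} compressed bytes")
        if consumed and len(output) / consumed > max_ratio:
            raise DecompressionLimitExceeded(
                f"expansion ratio {len(output) / consumed:.0f}:1 "
                f"exceeds {max_ratio:.0f}:1")
    if not inflater.eof:
        raise ValueError("truncated or malformed zlib stream")
    return bytes(output)


def inflate_or_reject(payload: bytes, max_output: int, max_ratio: float = 200.0):
    """Wrapper in the shape a stream reader would use: (True, stanza_bytes)
    on success, (False, reason) when the payload is rejected."""
    try:
        return True, decompress_bounded(payload, max_output, max_ratio)
    except (DecompressionLimitExceeded, ValueError, zlib.error) as exc:
        return False, str(exc)


# Constructed sample inputs (not taken from any real session).
SAMPLE_STANZA = b"<message to='juliet@example.com'><body>hello</body></message>"
SAMPLE_COMPRESSED = zlib.compress(SAMPLE_STANZA)

# Constructed "decompression bomb": about 10 KB on the wire, ~10 MB inflated.
BOMB_COMPRESSED = zlib.compress(
    b"<message><body>" + b"A" * (10 * 1024 * 1024) + b"</body></message>", 9)


if __name__ == "__main__":
    limit = 1024 * 1024  # 1 MiB inflated is this hypothetical server's cap
    for label, blob in (("stanza", SAMPLE_COMPRESSED), ("bomb", BOMB_COMPRESSED)):
        ok, result = inflate_or_reject(blob, limit)
        size = len(result) if ok else result
        print(f"{label}: {len(blob)} compressed bytes -> "
              f"{'accepted, ' + str(size) + ' bytes' if ok else 'rejected: ' + result}")
```

The ratio check is what stops the bomb early: the first 64 KiB chunk of inflated `A`s comes from only a few dozen compressed bytes, so the payload is rejected long before the absolute cap is reached and without the server ever allocating the 10 MB. A legitimate stanza, even a verbose one, inflates at a ratio far below any sensible `max_ratio` and passes untouched.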
