[Standards] Security consideration for XEP-0198

Georg Lukas georg at op-co.de
Wed May 7 21:46:05 UTC 2014


* Dave Cridland <dave at cridland.net> [2014-05-07 23:05]:
> It's probably worth noting, yes. The solution is to request an
> acknowledgement, and if one isn't forthcoming, to ditch the connection, of
> course.

It is not that easy, unfortunately. If the client is currently
disconnected, the ultimate purpose of the stanza queue is to cache
stanzas until the client reconnects. If you ditch the connection, you
undermine the purpose of the XEP.

It is wise to have a timeout mechanism for the client not responding to
ack requests. However, the session should be kept for a defined time
after that, to allow for a reconnection.

IMHO, there should be a stanza limit per session/per JID; however, once
the limit is reached, new stanzas for that client should be rejected
with an error without terminating the connection.

If you do terminate the connection, you make the process susceptible to
DoS attacks against clients on slow connections (or currently in the
process of reconnecting).


Georg
-- 
|| http://op-co.de ++  GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N  ++
|| gpg: 0x962FD2DE ||  o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+  ||
|| Ge0rG: euIRCnet ||  X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y?   ||
++ IRCnet OFTC OPN ||_________________________________________________||
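
The policy argued for in the message above (a bounded stanza queue that rejects instead of disconnecting, an ack timeout, and a session kept for a resumption window), as an added example that is not part of the original post or of any XMPP server. The class, method and parameter names and the default values are assumptions, and wrap-around of the `h` counter is ignored.

```python
from collections import deque

class SMSession:
    """Added illustration (hypothetical names): outbound queue of one SM session."""
    def __init__(self, max_queue=100, ack_timeout=30.0, resume_window=300.0):
        self.max_queue = max_queue          # cap on unacknowledged stanzas
        self.ack_timeout = ack_timeout      # seconds to wait for an answer to <r/>
        self.resume_window = resume_window  # seconds a detached session is kept
        self.queue = deque()                # stanzas sent but not yet acked
        self.acked = 0                      # last h confirmed by the client
        self.ack_requested_at = None        # time the pending <r/> was sent
        self.detached_at = None             # time the connection was given up
        self.expired = False

    def deliver(self, stanza, now):
        """Return 'queued', or 'rejected' so the caller bounces an error."""
        if self.expired or len(self.queue) >= self.max_queue:
            return "rejected"               # limit hit: the session itself is kept
        self.queue.append(stanza)
        if self.detached_at is None and self.ack_requested_at is None:
            self.ack_requested_at = now     # a real server would send <r/> here
        return "queued"

    def on_ack(self, h, now):
        """Handle <a h='..'/>: drop every queued stanza up to h."""
        for _ in range(min(max(h - self.acked, 0), len(self.queue))):
            self.queue.popleft()
        self.acked = max(self.acked, h)
        self.ack_requested_at = now if self.queue else None

    def tick(self, now):
        """Apply both timeouts and return 'live', 'detached' or 'expired'."""
        if (self.detached_at is None and self.ack_requested_at is not None
                and now - self.ack_requested_at >= self.ack_timeout):
            self.detached_at = now          # drop the socket, keep the queue
        if self.detached_at is not None and now - self.detached_at >= self.resume_window:
            self.expired = True             # only now is the queue discarded
            self.queue.clear()
        if self.expired:
            return "expired"
        return "detached" if self.detached_at is not None else "live"

    def resume(self, h, now):
        """Client resumed with its h; return stanzas to resend, None if expired."""
        if self.expired:
            return None
        self.detached_at = None
        self.on_ack(h, now)
        return list(self.queue)
```
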