[Vortex] [beepwg] Re: A couple of features to limit BEEP no reply attack
Francis Brosnan Blazquez
francis at aspl.es
Wed Mar 18 14:14:11 CET 2009
Hi Martin,
> I think that David has said almost everything that I was going to. No
> point me wasting my time reiterating it.
Ok.
> One further note on reply-limit that might be related to David's
> second point: there are no provisions made for round trip time. The
> serving peer might respond within the specified time, but that time
> might have elapsed by the time at the client before then, or before
> the response arrives.
Though I see your point, I find no easy solution to implement a
round-trip discovery extension, which, again, can be blocked in the same
way.
It is expected that BEEP peers will provide appropriate values for this
reply-limit which includes such round-trip delay.
Cheers!
> Ta,
> Martin
--
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.
More information about the Vortex
mailing list