[Vortex] [beepwg] Re: A couple of features to limit BEEP no reply attack

Francis Brosnan Blazquez francis at aspl.es
Tue Mar 24 18:35:32 CET 2009


Hi Martin,

> Sorry about the delay in responding...

;-) No problem..

> RTT discovery is performed by every TCP stack.  It's part of working
> out the necessary window size to maximize throughput.  I don't know if
> this information is made available by any TCP stacks, but it isn't
> impossible to measure.  Even above TCP where retransmits could
> interfere it's probably still doable.

Fine. I could place such a mention so developers can consider it. However,
as you guess, such APIs are missing, especially on Windows (pretty
much like the TCP maximum negotiated segment size).

> I'd still say that the main concern I have is that your interpretation
> of what constitutes a "protocol violation" is too narrow a view.  More
> holistically, a badly behaving peer needs to be treated as such,
> regardless of where the errors occur.  Niceties like proper channel
> and session closure are luxuries - a badly behaving peer does not
> deserve to be treated in such a civilised fashion.

Ok. Just to point out, reply-limit is meant to protect a peer from BNRA,
especially over channel 0, rather than giving special care to badly
behaving peers.

After this initial poll I think there is little interest in the
reply-limit feature. I still think this is a remaining issue to solve
and, to some degree, this "silence" confirms close session is not being
used at this moment due to the problems it carries, especially in an
untrusted/public environment. No problem, next issue...

...what about "optional-reply"? What's your opinion about it?

Cheers!

> Cheers,
> Martin
-- 
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.
