[Vortex] [beepwg] Re: A couple of features to limit BEEP no reply attack
Francis Brosnan Blazquez
francis at aspl.es
Tue Mar 24 18:35:32 CET 2009
> Sorry about the delay in responding...
;-) No problem..
> RTT discovery is performed by every TCP stack. It's part of working
> out the necessary window size to maximize throughput. I don't know if
> this information is made available by any TCP stacks, but it isn't
> impossible to measure. Even above TCP where retransmits could
> interfere its' probably still doable.
Fine. I could place such mention so developers can consider it. However,
as you are guessing, such APIs are missing especially on windows (pretty
much like TCP maximum negotiated segment size).
> I'd still say that the main concern I have is that your interpretation
> of what constitutes a "protocol violation" is too narrow a view. More
> holistically, a badly behaving peer needs to be treated as such,
> regardless of where the errors occur. Niceties like proper channel
> and session closure are luxuries - a badly behaving peer does not
> deserve to be treated in such a civilised fashion.
Ok. Just to point reply-limit is to protect a peer from BNRA especially
over channel 0 rather giving especial care to badly behaving peers.
After this initial poll I think there are few interest in reply-limit
feature. I still think this is a remaining issue to solve and, with some
degree, this "silence" confirms close session is not being used at this
moment due to problems it carries, especially in an untrusted/public
environment. No problem, next issue...
..what about "optional-reply"? What's your opinion about it?
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.
More information about the Vortex