- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 22 Mar 2013 07:42:08 +0000
- To: Roberto Peon <grmocg@gmail.com>
- cc: James M Snell <jasnell@gmail.com>, RUELLAN Herve <Herve.Ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>

In message <CAP+FsNdVz3xU=ADgUTOkDAB9gGAFSRQan5wyoZ_kGgunoLjLwA@mail.gmail.com>, Roberto Peon writes:

>I have doubts that one can correctly identify malicious endpoints, and so I
>chose the eviction policy based route.

We certainly cannot trust the encoder to clean up for us, and your point about identification is true as well.

However, the point of a DoS mitigation by protocol design is not to make them impossible, because you can't. A popular TV-host telling all his viewers to visit the website "RIGHT NOW!" is an incredibly effective DoS.

But what you do, and what we should do, is make them difficult and expensive to automate: The major cost of the first request should be borne by the client.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 22 March 2013 07:42:30 UTC