- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Mon, 02 Jul 2018 08:47:38 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: HTTP Working Group <ietf-http-wg@w3.org>, "Ludin, Stephen" <sludin@akamai.com>, Nick Sullivan <nick@cloudflare.com>
-------- In message <F1950AC9-CA4C-4F17-9F1A-CADA18679FE6@mnot.net>, Mark Nottingham writes:

>For interest / discussion. This is a proposal for a minimal mechanism to
>avoid loop attacks and misconfigurations against CDNs. Feedback
>appreciated.

This problem is as old as packet networks, and why IP has the TTL field.

I think it would be better and more robust to define a "max-hops" header with a single numerical field, which each (conforming) proxy decrements and if it becomes zero, 50x error is returned.

CDNs can create a max-hops header if there is none, and even if nobody else implements the max-hops header, it will eventually count down to zero if there is a loop.

In difference from the proposed draft, this doesn't reveal the architecture to the client.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 2 July 2018 08:48:13 UTC
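The max-hops rule described in the message, as an added simulation that is not part of the original post or of any draft: a conforming proxy decrements the header, a CDN creates it when absent, non-conforming proxies pass it through unchanged, and a misconfigured loop still terminates as long as the CDN sits on the loop. The header name, the initial value of 6, the 508 status and the rejection of malformed values are assumptions made here for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed names/values: the message only proposes a numeric "max-hops" header
# that each conforming proxy decrements, answering a 50x error when it hits zero.
MAX_HOPS_HEADER = "max-hops"
CDN_INITIAL_MAX_HOPS = 6   # assumed value a CDN inserts when the header is absent
LOOP_STATUS = 508          # assumed 50x status returned once max-hops is exhausted

@dataclass
class Proxy:
    next_hop: str             # node this proxy forwards to ("origin" ends the walk)
    conforming: bool = True   # non-conforming proxies forward the header untouched
    is_cdn: bool = False      # only CDN nodes create the header when it is missing

def apply_max_hops(node: Proxy, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """One hop of the rule: returns (status, headers to forward); 0 = keep forwarding."""
    headers = dict(headers)
    if not node.conforming:
        return 0, headers
    if MAX_HOPS_HEADER not in headers:
        if not node.is_cdn:
            return 0, headers
        headers[MAX_HOPS_HEADER] = str(CDN_INITIAL_MAX_HOPS)
    try:
        remaining = int(headers[MAX_HOPS_HEADER]) - 1
    except ValueError:
        return 400, headers   # assumption: a malformed count is rejected, not forwarded
    if remaining <= 0:
        return LOOP_STATUS, headers
    headers[MAX_HOPS_HEADER] = str(remaining)
    return 0, headers

def route(topology: Dict[str, Proxy], start: str, headers: Optional[Dict[str, str]] = None,
          safety_limit: int = 1000) -> Tuple[Optional[int], int]:
    """Walk a request until the origin answers (200), a node rejects it, or
    safety_limit hops pass without termination (status None, i.e. a live loop)."""
    headers = dict(headers or {})
    node_name, hops = start, 0
    while node_name != "origin" and hops < safety_limit:
        status, headers = apply_max_hops(topology[node_name], headers)
        hops += 1
        if status:
            return status, hops
        node_name = topology[node_name].next_hop
    return (200, hops) if node_name == "origin" else (None, hops)

def misconfigured_loop(cdn_conforms: bool = True) -> Dict[str, Proxy]:
    """Constructed topology cdn -> p1 -> p2 -> cdn; only the CDN may implement the rule."""
    return {"cdn": Proxy("p1", conforming=cdn_conforms, is_cdn=True),
            "p1": Proxy("p2", conforming=False), "p2": Proxy("cdn", conforming=False)}
```

With only the CDN conforming, the constructed loop is cut after 16 hops (six passes through the CDN); with no conforming node at all, the walk never terminates and `route` reports `None` once the safety limit is reached.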