[Bug 11] Protection against XML Denial Of Service attacks from bugzilla@soe.ucsc.edu on 2005-11-23 (w3c-dist-auth@w3.org from October to December 2005)

From: <bugzilla@soe.ucsc.edu>
Date: Wed, 23 Nov 2005 09:48:27 -0800
To: w3c-dist-auth@w3.org
Message-Id: <200511231748.jANHmRpV008131@ietf.cse.ucsc.edu>

http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=11

ejw@cs.ucsc.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|julian.reschke@greenbytes.de|lisa@osafoundation.org



------- Additional Comments From ejw@cs.ucsc.edu  2005-11-23 09:48 -------
Teleconference consensus is to add language stating that a server receiving wht it considers to be a denial 
of service attack MAY return a 400 status code, or MAY drop the connection, at its discretion. The benefit 
of returning the status code is that it makes it possible for client implementors to have some insight into 
why a request was rejected (more so than if the connection was just dropped). However, the specification 
does not want to establish a strong policy here, because server implementations need flexibility in setting 
their own DoS handling policies.



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

Received on Wednesday, 23 November 2005 17:53:14 UTC