W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

[Bug 11] Protection against XML Denial Of Service attacks

From: <bugzilla@soe.ucsc.edu>
Date: Wed, 23 Nov 2005 09:48:27 -0800
Message-Id: <200511231748.jANHmRpV008131@ietf.cse.ucsc.edu>
To: w3c-dist-auth@w3.org

http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=11

ejw@cs.ucsc.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|julian.reschke@greenbytes.de|lisa@osafoundation.org



------- Additional Comments From ejw@cs.ucsc.edu  2005-11-23 09:48 -------
Teleconference consensus is to add language stating that a server receiving wht it considers to be a denial 
of service attack MAY return a 400 status code, or MAY drop the connection, at its discretion. The benefit 
of returning the status code is that it makes it possible for client implementors to have some insight into 
why a request was rejected (more so than if the connection was just dropped). However, the specification 
does not want to establish a strong policy here, because server implementations need flexibility in setting 
their own DoS handling policies.



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Wednesday, 23 November 2005 17:53:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:11 GMT