
[Bug 11] Protection against XML Denial Of Service attacks

From: <bugzilla@soe.ucsc.edu>
Date: Tue, 29 Nov 2005 10:26:17 -0800
Message-Id: <200511291826.jATIQHEL006234@ietf.cse.ucsc.edu>
To: w3c-dist-auth@w3.org


------- Additional Comments From julian.reschke@greenbytes.de  2005-11-29 10:26 -------
Proposed resolution: follow pointers from

Removed section explaining why 503 is a candidate status code for detected DOS
attacks (this doesn't make any sense at all, because if a server indeed detects
a DOS attack, it will signal a client error, not a "not now, but maybe later"
condition). Rename Section 19.6 to "Implications of XML entities", and
also explain the so-called one-billion-laughs-attack over there. Expand Section
8.1.1 to point to the various risks described in Section 19, and give advice on
how to reject those requests.

------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Tuesday, 29 November 2005 18:26:50 UTC
