W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: possible DoS attack

From: Aleksey Sanin <aleksey@aleksey.com>
Date: Thu, 11 Apr 2002 10:08:07 -0700
Message-ID: <3CB5C2F7.7010401@aleksey.com>
To: Blair Dillaway <blaird@microsoft.com>
CC: xml-encryption@w3.org
Blair,

Small tweak in my example (one <EncryptedData/> element and
two <EncryptedKey /> elements pointing to each other) breaks
the check you've described.

I agree with you that there is no way to prevent a DoS attack. However,
it is possible to make the "bad guys" life harder :)  I don't suggest
to change the XML Encryption design but I do think that a warning
about possible problem is a good idea.

Aleksey


Blair Dillaway wrote:

>In your example, the RetrievalMethod indicates you are to retrieve an
>EncryptedKey.  Shouldn't your code immediately error when it finds the
>target of the URI is an EncryptedData?
>
>In any event, we had a fairly long discussion on DoS issues when this
>activity started and realized there is no way to prevent them and also
>meet our goal of creating a general purpose and flexible system.  Its
>fairly easy to construct examples that will cause a recipient to very
>deeply recurse (possibly infinite) looking for a decryption key.  I
>suppose one could support an application defined recursion limit to try
>and bound this problem, but addressing DoS attacks was not a goal of the
>WG.
>
>Blair
>
Received on Thursday, 11 April 2002 13:09:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT