W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: possible DoS attack

From: Ed Simon <edsimon@xmlsec.com>
Date: Fri, 12 Apr 2002 17:42:08 -0400
Message-ID: <000f01c1e26a$e5db74a0$f2a0fea9@DJQC7111>
To: <reagle@w3.org>, <xml-encryption@w3.org>
> On Friday 12 April 2002 17:04, Ed Simon wrote:
> > "Consequently, decryptors should allow limits on arbitrary recursion and
> > the total amount of processing and networking resources a request can
> > consume."
>
Then Joseph wrote:
> What do you mean by decryptors should allow? Whom are they allowing?

By "allow" I was thinking about decryptors allowing applications to specify
time limits for processing, particularly in performance-intensive scenarios
like high-volume financial transactions.

How about
"Consequently, decryptors should set limits on arbitrary recursion and the
total amount of processing and networking resources a request can consume.
Decryptors may enable applications to reset those limits in order to
accomodate a range of performance requirements."

Ed


----- Original Message -----
From: "Joseph Reagle" <reagle@w3.org>
To: "Ed Simon" <edsimon@xmlsec.com>; <xml-encryption@w3.org>
Sent: Friday, April 12, 2002 5:08 PM
Subject: Re: possible DoS attack


> On Friday 12 April 2002 17:04, Ed Simon wrote:
> > "Consequently, decryptors should allow limits on arbitrary recursion and
> > the total amount of processing and networking resources a request can
> > consume."
>
> What do you mean by decryptors should allow? Whom are they allowing?
>
>
Received on Friday, 12 April 2002 17:42:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC