Re: Striving for Compromise (Consensus?)

On 11 July 2014 11:45, Jason Greene <jason.greene@redhat.com> wrote:
> This is the flaw:
>
> "1) Stalling a connection by never finishing the sending of a full set of headers.
>
> I don't find #1 interesting, since the attacker is mostly just attacking
> themselves"
>
> If you coalesce connections there are N users per connection. That's a real problem you can’t just wave away.

No, that is still right.  You are mounting the DoS on yourself.  Your
N users can blame you, not the protocol.

If it were possible to stream small bits of messages (as we can do for
DATA) and the real subject of Roberto's analysis weren't a problem (it
is), then you might be able to stream onto a shared resource and get
away with it.  As a practical matter, I don't believe that streaming
into a shared connection is advisable.

Still, the real issue is the one I quoted: forcing an implementation
to hold multiple partially complete header sets open is a superb DoS
vector.  Better than the HOL blocking we've been talking about, which
can be easily contained.

Received on Friday, 11 July 2014 19:03:52 UTC
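The defence against the vector described in this message is to bound what a peer can park on a connection: how many header blocks may be unfinished at once, how many bytes they may buffer in total, and how long one may sit unfinished. The following is an added illustration, not code from the thread or from any HTTP/2 implementation; `HeaderBlockGuard` and its limits are hypothetical names and values, and the fragments fed to it are constructed.

```python
import time
from dataclasses import dataclass, field


@dataclass
class PendingHeaderBlock:
    """One header block whose CONTINUATION frames have not all arrived yet."""
    started_at: float
    fragments: list = field(default_factory=list)
    size: int = 0


class HeaderBlockGuard:
    """Per-connection bound on unfinished header blocks (hypothetical helper)."""

    def __init__(self, max_pending_streams=1, max_pending_bytes=16384,
                 stall_timeout=5.0, clock=time.monotonic):
        self.max_pending_streams = max_pending_streams  # unfinished blocks allowed at once
        self.max_pending_bytes = max_pending_bytes      # buffered bytes across all of them
        self.stall_timeout = stall_timeout              # seconds a block may stay unfinished
        self.clock = clock
        self.pending = {}  # stream_id -> PendingHeaderBlock

    def on_fragment(self, stream_id, fragment, end_headers):
        """Feed one HEADERS/CONTINUATION payload. Returns ("complete", block),
        ("pending", None) or ("abort", reason); "abort" means close the connection."""
        blk = self.pending.get(stream_id)
        if blk is None:
            if len(self.pending) >= self.max_pending_streams:
                return ("abort", "too many incomplete header blocks")
            blk = self.pending[stream_id] = PendingHeaderBlock(self.clock())
        blk.fragments.append(fragment)
        blk.size += len(fragment)
        if sum(b.size for b in self.pending.values()) > self.max_pending_bytes:
            return ("abort", "pending header bytes exceed limit")
        if end_headers:
            del self.pending[stream_id]
            return ("complete", b"".join(blk.fragments))
        return ("pending", None)

    def reap_stalled(self):
        """Drop blocks whose sender stopped mid-header-set; returns their stream ids."""
        now = self.clock()
        stalled = [sid for sid, b in self.pending.items()
                   if now - b.started_at >= self.stall_timeout]
        for sid in stalled:
            del self.pending[sid]
        return stalled
```

With `max_pending_streams=1` the guard also enforces the rule that only one header block may be in flight per connection, which is the cheapest way to keep the cost of a stalled sender at one buffer rather than N.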