- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 3 Jul 2018 12:08:07 +1000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, "Ludin, Stephen" <sludin@akamai.com>, Nick Sullivan <nick@cloudflare.com>
Hi PHK,

The problem with something like Max-Forwards is that it requires all participants to actively process it. CDN-Loop works because I can insert my token and look for it in requests; if it appears, I know there's some sort of loop.

Cheers,

> On 2 Jul 2018, at 6:47 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
> --------
> In message <F1950AC9-CA4C-4F17-9F1A-CADA18679FE6@mnot.net>, Mark Nottingham writes:
>
>> For interest / discussion. This is a proposal for a minimal mechanism to
>> avoid loop attacks and misconfigurations against CDNs. Feedback
>> appreciated.
>
> This problem is as old as packet networks, and why IP has the TTL field.
>
> I think it would be better and more robust to define a "max-hops"
> header with a single numerical field, which each (conforming) proxy
> decrements and if it becomes zero, 50x error is returned.
>
> CDNs can create a max-hops header if there is none, and even if
> nobody else implements the max-hops header, it will eventually count
> down to zero if there is a loop.
>
> In difference from the proposed draft, this doesn't reveal the
> architecture to the client.

--
Mark Nottingham
https://www.mnot.net/
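The trade-off the two messages argue over, as an added simulation that is not part of the thread or of any CDN's code: a request is forwarded around a three-node loop in which only one node is a CDN that implements loop detection, and the other two are plain forwarders that ignore both headers. The token-based check catches the loop on the CDN's next visit; a decrementing counter still terminates, but only after the lone conforming hop has counted it down by itself. Header names (`CDN-Loop`, `Max-Hops`), the comma-separated token list, the 508 status and the sample route are all assumptions made for this example.

```python
"""Constructed simulation of two HTTP proxy loop-detection strategies.

Assumptions (not from the thread): CDN-Loop carries a comma-separated list
of hop tokens; Max-Hops is a decimal counter; a detected loop is reported
as 508 "Loop Detected".
"""
from typing import Dict, Set, Tuple

LOOP_DETECTED = 508      # status returned when a loop is detected (assumed)
SIMULATION_CAP = 1000    # hard stop so the simulation itself never runs away


def check_cdn_loop(headers: Dict[str, str], my_token: str) -> bool:
    """True if my_token is already present in the CDN-Loop list."""
    raw = headers.get("CDN-Loop", "")
    tokens = [t.strip() for t in raw.split(",") if t.strip()]
    return my_token in tokens


def append_cdn_loop(headers: Dict[str, str], my_token: str) -> None:
    """Append my_token to CDN-Loop, creating the header if absent."""
    existing = headers.get("CDN-Loop")
    headers["CDN-Loop"] = f"{existing}, {my_token}" if existing else my_token


def decrement_max_hops(headers: Dict[str, str], default: int) -> int:
    """Max-hops style: create the counter if missing, decrement, return it."""
    value = int(headers.get("Max-Hops", default)) - 1
    headers["Max-Hops"] = str(value)
    return value


def run_chain(route: Dict[str, str], cdn_loop_aware: Set[str],
              max_hops_aware: Set[str], start: str,
              max_hops_default: int = 8) -> Tuple[str, int, int, Dict[str, str]]:
    """Forward a request hop by hop along `route` (node -> next node).

    Nodes in cdn_loop_aware apply the token check; nodes in max_hops_aware
    apply the counter. Returns (mechanism, status, hops_taken, headers),
    where mechanism is "cdn-loop", "max-hops" or "runaway".
    """
    headers: Dict[str, str] = {}
    current = start
    for hop in range(1, SIMULATION_CAP + 1):
        if current in cdn_loop_aware:
            if check_cdn_loop(headers, current):
                return ("cdn-loop", LOOP_DETECTED, hop, headers)
            append_cdn_loop(headers, current)
        if current in max_hops_aware:
            if decrement_max_hops(headers, max_hops_default) <= 0:
                return ("max-hops", LOOP_DETECTED, hop, headers)
        current = route[current]   # non-conforming nodes just forward
    return ("runaway", 0, SIMULATION_CAP, headers)


# Constructed misconfiguration: cdnA -> originB -> cdnC -> cdnA.
ROUTE = {"cdnA": "originB", "originB": "cdnC", "cdnC": "cdnA"}

if __name__ == "__main__":
    # Only cdnA implements anything; the other two ignore both headers.
    print(run_chain(ROUTE, {"cdnA"}, set(), "cdnA"))      # cdn-loop, 4 hops
    print(run_chain(ROUTE, set(), {"cdnA"}, "cdnA"))      # max-hops, 22 hops
    print(run_chain(ROUTE, set(), set(ROUTE), "cdnA"))    # max-hops, 8 hops
```

The second run is PHK's point in numbers: the counter does eventually reach zero with a single conforming hop, but each circuit of the loop costs three forwarded requests for one decrement. The first run is Mark's: the CDN only needs to recognise its own token, so the loop is cut on the first return regardless of what the other hops do.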
Received on Tuesday, 3 July 2018 02:08:36 UTC