Re: possible DoS attack


Small tweak in my example (one <EncryptedData/> element and
two <EncryptedKey /> elements pointing to each other) breaks
the check you've described.

I agree with you that there is no way to prevent a DoS attack. However,
it is possible to make the "bad guys" life harder :)  I don't suggest
to change the XML Encryption design but I do think that a warning
about possible problem is a good idea.


Blair Dillaway wrote:

>In your example, the RetrievalMethod indicates you are to retrieve an
>EncryptedKey.  Shouldn't your code immediately error when it finds the
>target of the URI is an EncryptedData?
>In any event, we had a fairly long discussion on DoS issues when this
>activity started and realized there is no way to prevent them and also
>meet our goal of creating a general purpose and flexible system.  Its
>fairly easy to construct examples that will cause a recipient to very
>deeply recurse (possibly infinite) looking for a decryption key.  I
>suppose one could support an application defined recursion limit to try
>and bound this problem, but addressing DoS attacks was not a goal of the

Received on Thursday, 11 April 2002 13:09:18 UTC