- From: Joseph Reagle <reagle@w3.org>
- Date: Tue, 16 Apr 2002 15:59:41 -0400
- To: aleksey@aleksey.com, "Ed Simon" <edsimon@xmlsec.com>
- Cc: xml-encryption@w3.org
On Friday 12 April 2002 17:24, Aleksey Sanin wrote: > I suggest to remove phrase "to identify such attacks" : By that, I meant if you get hit once (a request consumes X cycles before timing out), there's no need to honor a request from the same person to consume another X, but I agree that simpler is better. So the last sentence now reads, "Consequently, implementations should be able to restrict arbitrary recursion and the total amount of processing and networking resources a request can consume." Everything else (identifying repeat offendors, dynamically reseting/adjusting the thresholds, etc.) is an implementation detail! <smile/>
Received on Tuesday, 16 April 2002 15:59:54 UTC