OASIS Mailing List Archives


Re: [xml-dev] Re: Can A Web Site Be Reliably Defended Against DoS Attacks


On Sat, 2004-02-07 at 07:58, 'Liam Quin' wrote:
> Just a short note here...
> 

> The raw socket access was added as part of the antitrust
> settlement.  Forgeries *are* detectable at the ISP,
> because the ISP knows what IP their customer has at
> the end of that cable or ADSL or dialup connection,
> and hence an incoming packet saying it's from some IP
> not at the other end of that "leaf" connection is bogus
> and should be dropped.  In the same way, mail claiming
> to be sent from some other ISP is clearly forged.
no it's not and in our increasingly mobile world this will be a bigger
problem.

already it is a nuisance amongst my small customer base that mail has to
come to our mail server before being sent out. now we're deploying mail
servers on laptops so that the "road warriors" can send email directly.
your proposal would constrain us to secured email connections to the
server and all mail passing through the server. given that we already
deal with hundreds of mbytes of email a day i don't want to add to the
burden.

wireless, mobile phone devices, etc will only add to this problem.

perhaps we could have a secure signature system instead so that when you
send me an email, my mail server can inquire of your server and verify
the signature (a short message interchange) before accepting the email -
then you can be anywhere on any server. that's sort of the current
patent proposal as i understand it.... but with a charge. maybe a soap
server to do the job?

now you're clearly identified, we have a civil liberties problem .....

and we haven't even started on the problem of executable code hidden in
jpg's (or was it gifs?) being run by unwitting browsers, etc, etc...

there's plenty of real life DoS attacks - paparazzi, journalists,
roadworks, etc all managed to some degree by social practice,
legislation, technical innovation.

as the online community expands, like it or not, we too will have to
look to more than technical solutions.

rick

> 
> This doesn't affect people using HTML mail services such
> as hotmail, but only outgoing SMTP connections, which
> some ISPs already disallow, thankfully.
> 
> > The W3C priorities should reflect the immediate realities 
> > and needs.  What is the mandate of the consortium?
> 
> "To lead the Web to its full potential"...
> 
> Note, however, that TCP/IP and email are not within the mandate
> of the W3C - they are IETF specs.  Go beat up on the IETF :-)
> 
> Joking aside, I've been wondering for a while if this is an
> area where W3C could write up vendor-neutral white papers that
> may help legislators around the world.  But we don't have a
> lot of resources to do such work, unfortunately.
> 
> best,
> 
> Liam





 
