ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

DEPLOY: processing limits are way too high in -protocol

2004-08-23 16:42:42
from [Daniel Quinlan] [Permanent Link] 

In Section 6.2, the 10 check_host() evaluation limit is way too high and
could allow for easier DoS attacks.  In addition, there is no limit for
how large each SPF2 record should be and there should be in order to
limit the impact of each of those 10 check_host() evaluations.

I recommend lowering this unless someone has a reasonable case as to why
10 is needed.  5 seems high enough.  Even 8 would be an improvement.

It would be good to have some additional limits -- this is just too wide
open.

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • DEPLOY: processing limits are way too high in -protocol, Daniel Quinlan <=
Previous by Date:  DOC-BUG: include: would be clearer with examples in -protocol, Daniel Quinlan
Next by Date:  DOC-BUG: PTR mention needed in 6.2 in -protocol, Daniel Quinlan
Previous by Thread:  DOC-BUG: include: would be clearer with examples in -protocol, Daniel Quinlan
Next by Thread:  DOC-BUG: PTR mention needed in 6.2 in -protocol, Daniel Quinlan
Indexes:  [Date] [Thread] [Top] [All Lists]