Several people have used the term "DoS attack" in relation to a
review/appeals process as if that were a well-defined and
well-understood phenomenon, and I don't understand what it means.
Here is one example that doesn't make sense to me:
At 8:39 AM -0500 1/21/05, Scott Bradner wrote:
Brian clarifies:
Reviewing procedures is fine. Reviewing specific awards isn't, IMHO,
which is all I intended my words to exclude.
I agree with Brian - allowing the review of specific awards could
easily cause the DoS attack that I've been warning against
None of the versions of the text that we are looking at (the current
BCP, Harald's, mine, Scott Brim's...) indicate that a request for
review of an IAD or IAOC decision could result in: (1) reversing a
legally binding decision, (2) forcing the IAOC to stop other work
until the review is handled, (3) delaying the execution of the
decision, (4) having any decision of the IAD/IAOC overturned by
anyone other than the IAOC, or (4) anything else that would affect
the operation of IASA.
So, the only DoS attack I can imagine is having such a large volume
of review requests that handling them in any reasonable way sucks up
all of the resources of the IAOC...
I attempted to address that form of attack by indicating that it is
up to the IAOC to determine what level of processing a given review
request requires. If the same person sends thousands of requests, I
assume that the appropriate level of review for those requests would
be zero. And, if that were escalated, the IESG would concur.
So, where do the DoS attack come in?
Margaret
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf