Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Re: Can A Web Site Be Reliably Defended Against DoSAttacks
 On Sat, 2004-02-07 at 07:58, 'Liam Quin' wrote: > Just a short note here... > > The raw socket access was added as part of the antitrust > settlement. Forgeries *are* detectable at the ISP, > because the ISP knows what IP their customer has at > the end of that cable or ADSL or dialup conenction, > and hence an incoming packet saying it's from some IP > not at the other end of that "leaf" connection is bogus > and should be dropped. In the same way, mail claiming > to be sent from some other ISP is clearly forged. no it's not and in our increasingly mobile world this will be a bigger problem. already it is a nuisance amongst my small customer base that mail has to come to our mail server before being sent out. now we're deploying mail servers on laptops so that the "road warriors" can send email directly. your proposal would constrain us to secured email connections to the server and all mail passing through the server. given that we already deal with hundreds of mbytes of email a day i don't want to add to the burden. wireless, mobile phone devices, etc will only add to this problem. perhaps we could have a secure signature system instead so that when you send me an email, my mail server can inquire of your server and verify the signature (a short message interchange) before accepting the email - then you can be anywhere on any server. that's sort of the current patent proposal as i understand it.... but with a charge. maybe a soap server to do the job? now you're clearly identified, we have a civil liberties problem ..... and we haven't even started on the problem of excutable code hidden in jpg's (or was it gifs?) being run by unwitting browsers, etc, etc... there's plenty of real life DoS attacks - paparazzi, journalists, roadworks, etc all managed to some degree by social practice, legislation, technical innovation. as the online community expands, like it or not, we too will have to look to more than technical solutions. rick > > This doesn't affect people using HTML mail services such > as hotmail, but only outgoing SMTP connections, which > some ISPs already disallow, thankfully. > > > The W3C priorities should reflect the immediate realities > > and needs. What is the mandate of the consortium? > > "To lead the Web to its full potential"... > > Note, however, that TCP/IP and email are not within the mandate > of the W3C - they are IETF specs. Go beat up on the IETF :-) > > Joking aside, I've been wondering for a while if this is an > area where W3C could write up vendor-neutral white papers that > may help legislators around the world. But we don't have a > lot of resources to do such work, unfortunately. > > best, > > Liam 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
