core-wg / echo-request-tag

Other
0 stars 0 forks source link

Mitigate Observe amplification attacks. #72

Closed emanjon closed 3 years ago

emanjon commented 3 years ago

The current text only talks about large responses, not many responses.

"A server that sends large responses to unauthenticated peers SHOULD mitigate amplification attacks"

chrysn commented 3 years ago

Any document that allows multiple responses in the first place (Observe, Q-Block, groupcomm-proxy) emphasizes the dangers of unchecked operation -- but it doesn't hurt to do that here too. (We do already say that a single response needs to be piggy-backed or NON, for the same reason).

gselander commented 3 years ago

What should the consideration be - that the freshness of an Observe request MUST be verified with Echo, updating RFC7641?

Why is Observe allowed without client authentication? And if so, should not the amplification factor be more precisely limited?

emanjon commented 3 years ago

PR #76 addresses this issue

chrysn commented 3 years ago

Closed by #76.