strugee
commented
7 years ago It seems to me that when we do this we should also mention that servers should ratelimit C2S interactions, because if they "blindly" pass through data then a malicious user could get their server on another server's blacklist for DoS problems.
As discussed in IRC/Mumble today, there are a lot of cases where foreign AP servers can trigger some kind of reply in a "good" AP server. For example if we made Accept/Reject ACKs and NACKs required for followers, a server could cause lots of Reject replies to be generated.
We should add notes about this in Security Considerations, describing the broader problem and also providing some specific examples.