Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explain potential for abuse #28

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions draft-edm-protocol-greasing.md
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,17 @@ not limited to those discussed in this document, can affect fingerprinting. A
deeper analysis of this topic has been deemed out of scope.


While protocol features, extensions, and versions all have legitimate uses, they
can become a burden when used to excess. For example, the ability to send
protocol grease that a peer is required to ignore can be abused to cause it to
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe explain some examples of the abuse — not just the fact of ignoring one greased object, but having a flood of them that are all ignored, etc.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought: There is a "cost" when the greasing creates state, even if only to ignore the greased value. (I can think of cases where seeing a new value needs the receiver to do work to ignore. )

expend additional processing time. Insufficient monitoring or logging exposes
endpoints to a risk of denial-of-service attacks. Therefore, it is recommended
that implementations track use of protocol features, extensions, and versions
and set limits on their use. When such limits are encountered, implementations
may choose to stop interactions, e.g., by closing a connection. Limits that are
tuned too low risk false positive detections, which can disrupt otherwise valid
exchanges.

# IANA Considerations

This document has no IANA actions.
Expand Down
Loading