[TAP 8] Describe DoS attack and prevention #183
Conversation
Signed-off-by: Marina Moore <[email protected]>
|
@mnm678 it looks like you're thinking this is something that implementors can choose mitigate, but couldn't this be a formal part of the spec; that is, put the limit in the metadata and make it so the client MUST fail if the number of revocation files is greater than the limit? |
|
I would tend to agree that at a minimum, the existence of a limit and discussion around this should be in the document. Note that if there is a limit, what if some clients have a different limit than others? This will cause a divergence in views of the repo. So this almost certainly needs to be a per-repository setting based upon information in the root metadata. |
|
Makes sense. I think this differs from the similar attack mentioned in #37 whereby any key holder can upload several different versions of the same metadata file. A revocation limit is something that could be defined ahead of time, whereas the number of metadata file versions really is unknown. |
Signed-off-by: Marina Moore <[email protected]>
|
I added some text about this. I think it can be addressed at the repository side by limiting uploads of rotate files after a certain point. This allows the repository to set the limit based on their available storage/hosting resources, and to share this limit with all clients. |
Signed-off-by: Marina Moore <[email protected]>
No description provided.