On Fri, Jul 08, 2016 at 03:17:13PM -0700, Stefan Beller wrote: > >If people are seeing these in > > routine use, then the limits are set too low, and this should happen > > roughly as often as a BUG assertion, and IMHO should be treated roughly > > the same: don't bother with translation, and don't worry about > > optimizing wasted bandwidth for this case. It won't happen enough to > > matter. > > Well the wasted band width is part of the server protection, no? Not if you stop receiving as soon as you hit the limits. Then of course they can send up to the limit each time, but that is not a DoS. That is things working as advertised. > This would favor the idea Jonathan came up with: > > server: I advertise push options > client: ok I want to use push options > client: I'll send you 1000 push options with upper bound of 1000M > server: It's a bit too much, eh? > * server quits > > So this case only occurs for the (malicious?) corner case, where I > do not bother a translation. In the malicious case, the client says "I'll send you 10 push option with an upper bound of 1024K", and then sends gigabytes anyway. Either way the server has to react to what is sent, not what is promised. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html