Several people have used the term "DoS attack" in relation to a review/appeals process as if that were a well-defined and well-understood phenomenon, and I don't understand what it means.
Here is one example that doesn't make sense to me:
At 8:39 AM -0500 1/21/05, Scott Bradner wrote:
Brian clarifies:Reviewing procedures is fine. Reviewing specific awards isn't, IMHO, which is all I intended my words to exclude.
I agree with Brian - allowing the review of specific awards could easily cause the DoS attack that I've been warning against
None of the versions of the text that we are looking at (the current BCP, Harald's, mine, Scott Brim's...) indicate that a request for review of an IAD or IAOC decision could result in: (1) reversing a legally binding decision, (2) forcing the IAOC to stop other work until the review is handled, (3) delaying the execution of the decision, (4) having any decision of the IAD/IAOC overturned by anyone other than the IAOC, or (4) anything else that would affect the operation of IASA.
So, the only DoS attack I can imagine is having such a large volume of review requests that handling them in any reasonable way sucks up all of the resources of the IAOC...
I attempted to address that form of attack by indicating that it is up to the IAOC to determine what level of processing a given review request requires. If the same person sends thousands of requests, I assume that the appropriate level of review for those requests would be zero. And, if that were escalated, the IESG would concur.
So, where do the DoS attack come in?
Margaret
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf