OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [emergency] CAP and DDoS

Yeah, What he said.

Ciao,
Rex

At 12:42 PM -0600 2/6/04, Bullard, Claude L (Len) wrote:
>And that message should be communicated.  Otherwise,
>good intentions over flaky protocols will filter
>into the infrastructure.  A problem of the current
>environment is that too many in the Beltway and
>elsewhere are drinking the HTTP/REST/IP kool-aid and
>not taking into account the unreliability and
>vulnerabilities of the base TCP/IP infrastructure.
>So Federal dollars will be attached to agency
>procurements based on those technologies. 
>
>Some will understand and refuse to build it
>for mission critical applications; some won't. 
>
>Be sure the message is clear and the risks
>are well-explained.  An XML document doesn't buy
>them security or protection.  Being agnostic
>and failing to explain the need to completely
>assess the risk of the transport are different.
>
>Thanks!
>
>len
>
>
>From: Art Botterell [mailto:acb@incident.com]
>
>At 5:09 PM -0600 2/5/04, Bullard, Claude L (Len) wrote:
>>Perhaps out of scope, but of interest:  how  would Distributed
>>Denial of Service (DDoS) attacks affect the capabilities of systems
>>using CAP?  Pretty much as it would affect  any IP server, yes?
>
>Right.  In fact, any transport mechanism is vulnerable to some sort
>of denial-of-service attack, be it Internet-based DDOS,
>radio-frequency jamming or even plain old-fashioned "backhoe fade."
>
>This is one of the reasons we've all worked so hard to keep CAP
>transport-independent.  Technical diversity, through the integrated
>use of a combination of distinct transport technologies, is one of
>the best ways to mitigate the risk of DoS attacks and accidents.
>It's a lot harder to jam every technology at once than it is to jam
>any one at a time.
>
>To unsubscribe from this mailing list (and be removed from the 
>roster of the OASIS TC), go to 
>http://www.oasis-open.org/apps/org/workgroup/emergency/members/leave_workgroup.php.


-- 
Rex Brooks
GeoAddress: 1361-A Addison, Berkeley, CA, 94702 USA, Earth
W3Address: http://www.starbourne.com
Email: rexb@starbourne.com
Tel: 510-849-2309
Fax: By Request

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]