OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: T2 Clarify TimeToLive

   Date: Wed, 12 Sep 2001 15:17:08 -0400
   From: "Martin W Sachs" <mwsachs@us.ibm.com>

   While we are at it, it is not at all clear if a message that has already
   been persisted should be destroyed by the MSH when TTL has expired.  Once
   the message has been persisted (and the application notified that it is
   there), it is already in the application domain.

Yes, definitely.

   Message level time-to-live functions are useful at the message layer to
   prevent a message from circulating endlessly without being delivered (the
   IP hop count is an example of this).  

And also to allow GC of the persistent storage of message ID's being used
for duplicate detection, as I've said before.

					 TTL functions related to staleness of
   the transaction are an application matter.

I agree.

   Date: Wed, 12 Sep 2001 12:37:10 -0700
   From: "Burdett, David" <david.burdett@commerceone.com>

   It shouldn't be destroyed based on TTL. The persistDuration should be used
   instead. This is the *minimum* duration that a message should retained by a
   MSH for reliable messaging purposes.

   You might argue though that if TTL is longer the persistDuration that the
   receiving MSH should persist it until after the TTL has passed. 

If any message has a TTL longer than the persistDuration, then
duplicate detection is in big trouble.  If a duplicate of a message
manages to lurk in the network for longer than persistDuration, and
then the original message is removed from persistent storage because
persistDuration ran out, and then the lurker shows up and its TTL is
not yet reached, the application will see a duplicate.  A message with
a TTL > persistDuration is treated like any other message that
violates the CPA.

persistDuration has to be interpreted as an agreement between the two
parties that every (reliable) message will have a TTL <=
persistDuration.

								   However I
   can imagine an attack whereby someone sends messages with a TTL of, say, a
   year hence just to clog up a MSH.

(Oh, I hope we don't have to try to deal with denial-of-service issues
at this point.  They're hard to deal with, and we're pretty busy
already.)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC