OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [emergency] CAP and DDoS


And that message should be communicated.  Otherwise, 
good intentions over flaky protocols will filter 
into the infrastructure.  A problem of the current 
environment is that too many in the Beltway and 
elsewhere are drinking the HTTP/REST/IP kool-aid and 
not taking into account the unreliability and 
vulnerabilities of the base TCP/IP infrastructure. 
So Federal dollars will be attached to agency 
procurements based on those technologies.  

Some will understand and refuse to build it 
for mission critical applications; some won't.  

Be sure the message is clear and the risks 
are well-explained.  An XML document doesn't buy 
them security or protection.  Being agnostic 
and failing to explain the need to completely 
assess the risk of the transport are different.

Thanks!

len


From: Art Botterell [mailto:acb@incident.com]

At 5:09 PM -0600 2/5/04, Bullard, Claude L (Len) wrote:
>Perhaps out of scope, but of interest:  how  would Distributed 
>Denial of Service (DDoS) attacks affect the capabilities of systems 
>using CAP?  Pretty much as it would affect  any IP server, yes?

Right.  In fact, any transport mechanism is vulnerable to some sort 
of denial-of-service attack, be it Internet-based DDOS, 
radio-frequency jamming or even plain old-fashioned "backhoe fade."

This is one of the reasons we've all worked so hard to keep CAP 
transport-independent.  Technical diversity, through the integrated 
use of a combination of distinct transport technologies, is one of 
the best ways to mitigate the risk of DoS attacks and accidents. 
It's a lot harder to jam every technology at once than it is to jam 
any one at a time.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]