Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explain potential for abuse #28

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Explain potential for abuse #28

wants to merge 2 commits into from

Conversation

LPardue
Copy link
Collaborator

@LPardue LPardue commented Jul 26, 2024

Fixes #22

@LPardue LPardue requested a review from tfpauly as a code owner July 26, 2024 14:29
@@ -198,6 +198,17 @@ not limited to those discussed in this document, can affect fingerprinting. A
deeper analysis of this topic has been deemed out of scope.


While protocol features, extensions, and versions all have legitimate uses, they
can become a burden when used to excess. For example, the ability to send
protocol grease that a peer is required to ignore can be abused to cause it to
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe explain some examples of the abuse — not just the fact of ignoring one greased object, but having a flood of them that are all ignored, etc.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought: There is a "cost" when the greasing creates state, even if only to ignore the greased value. (I can think of cases where seeing a new value needs the receiver to do work to ignore. )

@tfpauly
Copy link
Member

tfpauly commented Jul 26, 2024

We could also have some positive advice earlier to generators of great to say "don't grease too much"

@LPardue
Copy link
Collaborator Author

LPardue commented Jul 29, 2024

Discussion in the room was: split the text across the sections, which I'll do on this PR so its not ready to be merged yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Lacking commentary on denial of service
4 participants