Re: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)

S Moonesamy <sm+ietf@elandsys.com> Thu, 10 December 2015 23:13 UTC

Date: Thu, 10 Dec 2015 15:11:56 -0800
To: Jayantheesh S B <j.sb@sea.samsung.com>, Naren <narendrasingh.bisht@gmail.com>, imapext@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/imapext/054iYlkjyOfxOpRaYtWl6YJz-Po>
Cc: draft-ietf-imapapnd-appendlimit-extension@ietf.org, Narendra Bisht <ns.bisht@sea.samsung.com>, Barry Leiba <barryleiba@computer.org>

Hi Jay, Naren,
At 13:39 10-12-2015, Jayantheesh S B wrote:
>[Jay]  One advantage I can think of is:
>  A server can have a customized APPENDLIMIT for different users
> (based on some SLA).
>  The server advertises a static APPENDLIMIT before the user logs in, to
> display its support for the extension.
>After the user has logged in, the server can show the user-specific APPENDLIMIT.
>
>    (ii) What are the disadvantages of advertising the upload limit before the
>         user has logged in?
>
>[Jay] I don't see any disadvantage in sending the limit before the user has logged in.

I'll quote from 
http://www.ietf.org/mail-archive/web/imapext/current/msg05657.html

   "If the APPENDLIMIT is known beforehand, it's easy to overwhelm server with
    huge data which is beyond the APPENDLIMIT.  This might facilitate
    Denial-of-Service attacks.
    Makes sense?"

Is that a disadvantage (question (ii))?  Barry asked why that 
helps anyone mount an attack.  The above reply says that it is easy 
to overwhelm the IMAP server if the (APPENDLIMIT) value is known 
beforehand.  Why should the IMAP server advertise the value before 
the user logs in when it can easily be used to generate an attack?

Regards,
S. Moonesamy (as document shepherd)