Skip to content

Explain potential for abuse#28

Open
LPardue wants to merge 2 commits intomainfrom
potential-for-abuse
Open

Explain potential for abuse#28
LPardue wants to merge 2 commits intomainfrom
potential-for-abuse

Conversation

@LPardue
Copy link
Collaborator

@LPardue LPardue commented Jul 26, 2024

Fixes #22

@LPardue LPardue requested a review from tfpauly as a code owner July 26, 2024 14:29
dthaler
dthaler reviewed Jul 26, 2024
View reviewed changes
@LPardue @dthaler
Update draft-edm-protocol-greasing.md
cc69e50 
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
tfpauly
tfpauly reviewed Jul 26, 2024
View reviewed changes
draft-edm-protocol-greasing.md

While protocol features, extensions, and versions all have legitimate uses, they
can become a burden when used to excess. For example, the ability to send
protocol grease that a peer is required to ignore can be abused to cause it to
Copy link
Member

@tfpauly tfpauly Jul 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe explain some examples of the abuse — not just the fact of ignoring one greased object, but having a flood of them that are all ignored, etc.

Copy link

@gorryfair gorryfair Jul 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought: There is a "cost" when the greasing creates state, even if only to ignore the greased value. (I can think of cases where seeing a new value needs the receiver to do work to ignore. )

@tfpauly
Copy link
Member

tfpauly commented Jul 26, 2024

We could also have some positive advice earlier to generators of great to say "don't grease too much"

@LPardue
Copy link
Collaborator Author

LPardue commented Jul 29, 2024

Discussion in the room was: split the text across the sections, which I'll do on this PR so its not ready to be merged yet

@LPardue
Copy link
Collaborator Author

LPardue commented Jul 7, 2025

@tfpauly with some of the document restructuring, I now wonder if it makes sense to combine the concepts here with #39 ?

dthaler
dthaler reviewed Oct 20, 2025
View reviewed changes
draft-edm-protocol-greasing.md
Comment on lines +204 to +205
expend additional processing time. Insufficient monitoring or logging exposes
endpoints to a risk of denial-of-service attacks. Therefore, it is recommended
Copy link
Collaborator

@dthaler dthaler Oct 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So does excess logging. If greasing causes log entries, then a possible DOS attack would be to fill up the log (consuming storage space or BW).

But to me the sentence "Insufficient monitoring or logging exposes endpoints to a risk of denial-of-service attacks."
is hard to understand. How does it expose endpoints to a risk of DOS attacks? I think it just means DOS attacks go unnoticed, not that it exposes them in the first place, no?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tfpauly tfpauly tfpauly left review comments

@dthaler dthaler dthaler approved these changes

+1 more reviewer

@gorryfair gorryfair gorryfair left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Lacking commentary on denial of service

4 participants

@LPardue @tfpauly @dthaler @gorryfair