Default polling wait time #86
Assignees
Comments
|
Might have to broaden the perspective and provide more general guidance on how to avoid/limit DDoS |
|
I think we need general considerations as well, but this is a specific case where a naive implementation could accidentally DoS the system by polling too quickly. |
|
yes. Then it's simple, anything around the minute should work. |
Merged
|
Discussed in security considerations https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-07.html#name-denial-of-service-dos-throu However, still no normative requirement in the polling section so this issue is staying open until that's in. |
|
Need to add this to the interaction response section. I suggest "SHOULD NOT be less than five seconds" and "omission MUST NOT be treated as zero". |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
§5 Continuing a Grant Request: Editor's note:
What's a reasonable amount of time to wait by default so as not to DOS the server if the field is missing?
The text was updated successfully, but these errors were encountered: