Limit retransmission of closing packet #1905
Labels
-transport
design
An issue that affects the design of the protocol; resolution requires consensus.
has-consensus
An issue that the Chairs have determined has consensus, by canvassing the mailing list.
@mikkelfj observes that we permit rate limiting of connection close frames, but they might be used to create an amplification attack if the closing endpoint is naive in its handling. The fix is easy - the endpoint needs to remember a validated address for its peer along with the closing packet. Packets from other remote addresses need to be dropped or only responded to if the size of the incoming packet is > 1/3 of the closing packet. In most cases, this won't change anything.
The text was updated successfully, but these errors were encountered: