UserPreferences

PaceAtomIdDos


Abstract

Point out the potential for denial of service by duplicating others' atom:id values.

Status

New

Rationale

Proposal

Add the following to format-08:

8.5 Denial of Service Attacks

Atom Processors should be aware of the potential for denial of service attacks where the attacker publishes an atom:entry with the atom:id value of an entry from another feed, and perhaps with a falsified atom:source element duplicating the atom:id of the other feed. Atom Processors which, for example, suppress display of duplicate entries by displaying only one entry with a particular atom:id value or combination of atom:id and atom:updated values, might also take steps to determine whether the entries originated from the same publisher before considering them to be duplicates.

Impacts

Notes

An alternative to PaceDuplicateIdsEntryOrigin


CategoryProposals