Justin Karneges wrote:
> This begs the question: what is too big? Currently, we consider stanza size
> to be somewhat unbounded, as XMPP-Core imposes no size maximum. But I
> believe we do need some mechanism for a stanza maximum size, otherwise XMPP
> software is prone to denial-of-service attacks.
> However, email has no maximum size, and we probably have a great many XEPs
> assuming an unbounded size as well. Thus, as soon as we apply a stanza size
> maximum (which, I'm prepared to argue, is 100% necessary), we may run into
> trouble with our existing protocols.
> I think this is something we need to discuss.
agreed
but the max stanza size depends mostly on the server configuration. We
can recommend a number in the RFC and make a note about possible DNS
attacks and memory overflows if a server allows an unlimited stanza size
and XML depth. I think a client should be able to retrieve the max
stanza size using disco and cache it.
Alex
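
One way a receiving entity could enforce the per-stanza size and XML depth limits discussed in this thread while reading the stream incrementally (an added example, not code from either poster or from any XMPP implementation). The class name, the default limits and the sample stream in the usage are assumptions chosen for illustration.

```python
import xml.parsers.expat

class StanzaLimitExceeded(Exception):
    """The peer exceeded the configured stanza size or nesting depth."""

class LimitedStreamParser:
    # Default limits are assumed values for illustration, not from any spec.
    def __init__(self, max_stanza_bytes=65536, max_depth=32):
        self.max_stanza_bytes = max_stanza_bytes
        self.max_depth = max_depth   # element levels allowed inside one stanza
        self.depth = 0               # 1 = <stream:stream>, 2 = stanza root
        self.fed = 0                 # total bytes handed to expat so far
        self.mark = 0                # stream offset the size budget counts from
        self.stanzas = []            # names of completed top-level stanzas
        self._p = xml.parsers.expat.ParserCreate()
        self._p.StartElementHandler = self._start
        self._p.EndElementHandler = self._end

    def _check(self, pos):
        if pos - self.mark > self.max_stanza_bytes:
            raise StanzaLimitExceeded("more than %d bytes in one stanza" % self.max_stanza_bytes)

    def _start(self, name, attrs):
        pos = self._p.CurrentByteIndex   # offset of this tag's '<'
        self._check(pos)
        self.depth += 1
        if self.depth <= 2:
            self.mark = pos              # stream header or new stanza: restart budget
        elif self.depth - 1 > self.max_depth:
            raise StanzaLimitExceeded("nesting deeper than %d" % self.max_depth)

    def _end(self, name):
        pos = self._p.CurrentByteIndex
        self._check(pos)
        if self.depth == 2:
            self.stanzas.append(name)
            # The closing tag is charged to the gap before the next stanza,
            # so the budget errs on the strict side.
            self.mark = pos
        self.depth -= 1

    def feed(self, data):
        """Parse one chunk of bytes read from the socket."""
        self.fed += len(data)
        self._p.Parse(data, False)
        # Also count bytes expat is still buffering, e.g. an unterminated
        # start tag that has produced no event yet.
        self._check(self.fed)
```

The caller feeds each socket read to `feed()` and closes the stream when `StanzaLimitExceeded` is raised, so an oversized or deeply nested stanza is rejected before it has been fully received.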