> Justin Karneges wrote: > > This begs the question: what is too big? Currently, we consider > stanza size > > to be somewhat unbounded, as XMPP-Core imposes no size maximum. But > I > > believe we do need some mechanism for a stanza maximum size, > otherwise XMPP > > software is prone to denial-of-service attacks.
> agreed > but the max stanza size depends mostly on the server configuration. We > can recommend a number in the RFC and make a note about possible DNS > attacks and memory overflows if a server allows a unlimited stanza size > and XML depth. I think a client should be able to retrieve the max > stanza size using disco and cache it. I also agree. Our server's default max stanza size (configurable) is currently 1MB. Any other implementers care to chime in? :) We need some sort of protocol so clients know limits such as this, stanza rate limiting, etc (probably just a disco form). -JD