Antone Roundy wrote re the issue of DOS attacks:
> I've been a bit surprised that you [Bob Wyman] haven't
> been more active in taking the lead on pushing the conversation
> forward and ensuring that threads addressing the issue don't die
> out, given the strength of your comments on the issue in the past
> and the obvious significance to your business. ... Perhaps
> you, who are probably in a better position than any of us to speak
> from experience on how to deal with this, could refresh our memories
> of specifically what you think the best solution is.
Yes, this issue is very important to us at PubSub and should be very
important to others as well. However, as I've learned from other recent
discussions, my viewpoint is not commonly held in this Working Group. Thus,
what I've been trying to do is pick carefully the issues that I work on. For
instance, I've put a great deal of effort into multiple ids since that
allows us the freedom to either work out proprietary solutions to the DOS
problem on our own or allows us to punt the problem forward to the
end-users' aggregators if we can't come up with a decent solution.
Clearly, the best solution here would be for folk to use signatures.
But, that is going to take either a great deal of work to get adopted or
something really creative (and simple)... The history of attempts to get
signatures used does not make pleasant reading... We are putting effort into
working out methods to make signatures more acceptable to the community and
I hope to have some proposals soon... If we successful (wish us luck!) that
will at least provide a solution for some people...
Basically, it doesn't make sense for me to keep demanding that
people deal with issues that they clearly don't want to address. I've been
mentioning the DOS problem for months now and getting nowhere. So, the
reason I'm not pushing harder is that it is clear that implementable
work-arounds will be more useful than never agreed-to "solutions"...
bob wyman
