Peter Saint-Andre wrote: > Pedro Melo wrote: >> On Nov 12, 2008, at 2:42 PM, Dave Cridland wrote: >> >>> I also noted (when reading through the XEP alongside your review) that >>> in section 5, it suggests that stream compression might relax limits - >>> it's possibly worth noting that it's possible to use DEFLATE as a >>> traffic amplification attack, so I'm not convinced this is good advice. >> I meant to comment on that and missed my marker. I think the limits of >> bandwidth should be applied after decompression. > > That seems sensible. I'll update the document accordingly.
In fact I think that it's better to remove that paragraph. Peter
