David A. Harding [ARCHIVE] on Nostr
📅 Original date posted:2019-07-08
📝 Original message:
On Fri, Jul 05, 2019 at 03:36:37AM +0000, ZmnSCPxj via Lightning-dev wrote:
> A client can easily DoS the server by requesting and requesting (thus
> convincing the server to encrypt and send data immediately) and never
> paying.

Is this an actual concern? Assuming this protocol is used with web apps
for sites that are available over HTTPS, the client can just request the
order form page over and over to also waste server CPU encrypting and
bandwidth transferring (or they could use more clever ways to abuse TLS).

For the case of a downloaded file, the server can encrypt immediately
before it puts data in the TCP queue so that, if the socket blocks
(because the client isn't downloading), it only wasted CPU encrypting a
few more blocks than were actually delivered.

-Dave
Published at 2023-06-09 12:55:25
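The backpressure behaviour described in the message above, as an added example that is not part of the original post: a server encrypts each block only once the previous one has been accepted into the socket queue, so a client that requests a file and never reads costs only as many encryptions as the queue holds. The block size, send-buffer size, file contents, key and the SHAKE-256 XOR stand-in cipher are all assumptions made for the demonstration.

```python
import hashlib
import socket

BLOCK = 4096  # assumed block size in bytes


def toy_encrypt(key: bytes, index: int, block: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a per-block SHAKE-256 keystream."""
    stream = hashlib.shake_256(key + index.to_bytes(8, "big")).digest(len(block))
    mixed = int.from_bytes(block, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(block), "big")


def serve_lazily(sock: socket.socket, key: bytes, total_blocks: int):
    """Encrypt a block only once the previous one is fully queued.

    Returns (blocks_encrypted, bytes_queued) when the file ends or the
    socket would block because the peer is not reading.
    """
    sock.setblocking(False)
    encrypted = queued = 0
    pending = b""
    while True:
        if not pending:
            if encrypted == total_blocks:
                break
            plaintext = bytes([encrypted % 256]) * BLOCK  # constructed file data
            pending = toy_encrypt(key, encrypted, plaintext)
            encrypted += 1
        try:
            sent = sock.send(pending)
        except BlockingIOError:
            break  # queue is full: stop encrypting until the client reads
        queued += sent
        pending = pending[sent:]
    return encrypted, queued


def stalled_client_demo(total_blocks: int = 4096) -> dict:
    """Client requests a 16 MiB file and never reads from the socket."""
    server, client = socket.socketpair()
    try:
        server.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 32 * 1024)
        encrypted, queued = serve_lazily(server, b"constructed-key", total_blocks)
    finally:
        server.close()
        client.close()
    return {"total": total_blocks, "encrypted": encrypted, "queued": queued}


if __name__ == "__main__":
    print(stalled_client_demo())
```

The number of blocks encrypted depends on the kernel's socket buffer, not on the file size; an eager server would have encrypted all `total` blocks for the same stalled client.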