Re: [tor-dev] Onion DoS: Killing rendezvous circuits over the application layer

Hi,

There's also another negative we haven't considered:

On 3 Dec 2019, at 00:16, George Kadianakis desnacked@riseup.net wrote:

Negatives:

a) It's a dirty hotfix that blends the networking layers and might be annoying to maintain in the long-term.

b) It only works for HTTP (and without SSL?).

c) We'll need to make sure that this defence can't be triggered accidentally, (or maliciously via request or response content), otherwise it turns into another way of triggering a DoS.

For example, if we searched for a custom string anywhere in the data stream, then any page documenting that string would be unavailable.

T