5.1 Security Considerations for Implementers

Clients that indicate they support large metadata responses can use this capability in a DDoS attack on services. The nature of the attack is to have a large number of distributed clients issue requests indicating they support large responses. Assuming TCP is in use, the clients would then slow their processing of data and cause TCP backoffs to slow data transmission to 100 bytes/second. The large number of clients would result in a significant number of active connections and potentially a large amount of in-memory state on the service. It is not clear that this attack is significantly more damaging than having the clients aggressively download, which would instead exhaust bandwidth but would have similar external consequences.

Similarly, clients indicating they support large metadata responses can end up receiving a large response at a very slow rate, and might be impacted by the same in-memory state concerns as services.
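
One way a service can bound the connection and in-memory state described above is to cap the bytes held for unfinished large responses and to close connections whose drain rate stays below a floor. The following sketch is an added example, not part of this specification; the class and function names and all threshold values are assumptions to be tuned per deployment.

```python
from dataclasses import dataclass

# Assumed policy values (not from the specification); tune per deployment.
MIN_RATE_BPS = 1024                     # slowest acceptable drain rate, bytes/second
GRACE_SECONDS = 5.0                     # allow for slow start before judging the rate
MAX_BUFFERED_BYTES = 64 * 1024 * 1024   # cap on in-memory large-response state

@dataclass
class Transfer:
    started: float   # time the response started, in seconds
    total: int       # size of the large response, in bytes
    sent: int = 0    # bytes the peer has accepted so far

class SlowReadGuard:
    """Tracks large-response transfers and flags peers that drain too slowly."""

    def __init__(self):
        self.transfers = {}

    def buffered(self):
        # Bytes still held in memory for unfinished responses.
        return sum(t.total - t.sent for t in self.transfers.values())

    def admit(self, conn_id, size, now):
        # Refuse a new large response when it would exceed the memory cap;
        # the caller can then fall back to a small response or an error.
        if self.buffered() + size > MAX_BUFFERED_BYTES:
            return False
        self.transfers[conn_id] = Transfer(started=now, total=size)
        return True

    def on_sent(self, conn_id, nbytes):
        # Record progress and release state once the response is complete.
        t = self.transfers[conn_id]
        t.sent += nbytes
        if t.sent >= t.total:
            del self.transfers[conn_id]

    def stalled(self, now):
        # Connections past the grace period whose average rate is below the floor.
        return [cid for cid, t in self.transfers.items()
                if now - t.started > GRACE_SECONDS
                and t.sent / (now - t.started) < MIN_RATE_BPS]

    def drop(self, conn_id):
        # Called after the service closes the connection.
        self.transfers.pop(conn_id, None)
```

The check uses the average rate since the response started, so a peer that bursts and then stalls is caught later than one that is slow from the beginning; a sliding window would tighten that.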