Sunday, June 11, 2017

[bcpudyua] DoS mitigation with P2P HTTP

The Content-md5 header in HTTP, and its successors in RFC 3230 and RFC 5843, hint that it might be possible to substitute some peer-to-peer protocol for the bulk of HTTP.  Find the content with a known or given hash anywhere, e.g., in someone else's cache, not just from the original server.

This only works with static content.  Yet unspecified is how one comes to know the hash of the content you want.

What should be done if the declared hash in the header does not match the computed hash of the received content?

No comments :