RE: LCUP issue: What is "a while"?

[Ryan Moats <rmoats@xxxxxxxxxxxxxxxxx>]

| At 06:26 AM 2002-09-04, Liben, Michael (GTS) wrote:
| >The "MUST wait for a while" would be consistent with most other network
| >algorithms. If it doesn't wait, it may cause unintentional denial of
| >service attacks by swamping the server with connection requests. 
| 
| Jim's comment was that the phrase "MUST wait a while" is a
| meaningless mandatory requirement.  A nanosecond can be viewed
| as a long while in some contexts, a century can be viewed
| as a short while in some contexts.  While the document
| could attempt to define what an appropriate while is in
| this context, the document likely would be better off not
| stating this as mandatory requirement.
|
| Kurt

?!?!?!?!?

Speaking as one who has implemented something similar to one of the
proposed use cases for LCUP, we completely ignored this protocol because
of the use of persistent open TCP connections and lack of a
viable client backoff requirement.

Since LCUP is proposing persistent open TCP connections (which IMHO 
is questionable, but I bow to the working group on that) and
the use of an error code for resources exhaustion, "acceptable" client
behavior ought to be specified to help determine a "malicious" client.

Since Kurt's comments imply that different use cases of LCUP require
different back off periods, I'd think that having the server specify
the initial backoff period in seconds with the lcupResorcesExhausted error
would be worth consideration.

Ryan