
Add Security Consideration about turning caching off

Open msporny opened this issue 8 months ago • 5 comments

We should warn implementers that if they allow a client to turn off caching that they have to also protect themselves against DDoS attacks where clients turn off caching on purpose to make the server do a lot of network traffic. We should also note that clients should be ready to be denied when requesting that client caching is off, and should get an error back if the server refuses to turn off caching.

msporny avatar May 15 '25 15:05 msporny
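An added example, not part of the issue or of the specification text: one way a resolver could honour a cache-bypass request only within a per-client budget and answer with an error once the budget is spent, plus a client that expects that refusal. The names `no_cache`, `client_id`, `CacheBypassRefused` and the limits are hypothetical, and `fetch` stands in for the network lookup.

```python
import time

class CacheBypassRefused(Exception):
    """Hypothetical error: the resolver declined to skip its cache."""

class Resolver:
    def __init__(self, fetch, ttl=300.0, bypass_per_window=2, window=60.0,
                 clock=time.monotonic):
        self.fetch = fetch        # assumed upstream lookup: did -> document
        self.ttl, self.limit, self.window = ttl, bypass_per_window, window
        self.clock = clock
        self.cache = {}           # did -> (expires_at, document)
        self.bypasses = {}        # client_id -> times of recent bypasses

    def _allow_bypass(self, client_id):
        # Sliding window: count only bypasses newer than `window` seconds.
        now = self.clock()
        recent = [t for t in self.bypasses.get(client_id, [])
                  if now - t < self.window]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self.bypasses[client_id] = recent
        return allowed

    def resolve(self, did, client_id, no_cache=False):
        # client_id is assumed to be an authenticated or network-level identity.
        now = self.clock()
        if no_cache:
            if not self._allow_bypass(client_id):
                # Refuse explicitly so the client knows caching stayed on.
                raise CacheBypassRefused(f"cache bypass refused for {client_id}")
        else:
            hit = self.cache.get(did)
            if hit and hit[0] > now:
                return hit[1]     # served from cache, no network traffic
        doc = self.fetch(did)     # the expensive path the budget protects
        self.cache[did] = (now + self.ttl, doc)
        return doc

def resolve_fresh_or_cached(resolver, did, client_id):
    """Client side: ask for a fresh result, accept a cached one if refused."""
    try:
        return resolver.resolve(did, client_id, no_cache=True), True
    except CacheBypassRefused:
        return resolver.resolve(did, client_id), False
```

Falling back to the cached result is only one possible client reaction; a client that needs a fresh document would surface the refusal instead.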

Seems reasonable

gobengo avatar Jul 17 '25 15:07 gobengo

This was discussed during the #did meeting on 17 July 2025.


w3c/did-resolution#149

Add Security Consideration about turning caching off #149

Wip: Perhaps Ben you can take a shot at this?

bengo: If it is just adding a security consideration then I can take this on...


w3cbot avatar Jul 17 '25 15:07 w3cbot

@msporny wdyt of the PR I made attempting to address this issue? https://github.com/w3c/did-resolution/pull/171

gobengo avatar Jul 21 '25 15:07 gobengo

LGTM, had some change suggestions.

msporny avatar Jul 21 '25 16:07 msporny

I accepted the changes.

gobengo avatar Jul 21 '25 18:07 gobengo