FYI, this issue was raised at the IETF TCPM WG mailing-list a month ago or so. The OP argued to reduce the amount of time for which a peer could advertise a 0 window.
However, the problem is that if the goalis to perform a DoS attack, the attacker could advertise a 1-byte window (or ay other small window). Or he could advertise a 0-window for some time (less than the "threshold" the OP proposed), then increase the window to, say, one segment, and then go back to advertising a 0 window.
The OP had suggested seeing this behaviour tying up all system resources, hence leading to the attacked system to not be able to service legitimate systems.
There seemed to be agreement as at the TCPM WG that yu should handle these scenarios at the application layer.
Kindest regards,