Re: [IPsec] Cookie logic results in failed authentication

2020-09-24 Thread Valery Smyslov
Hi Paul,

> > This change will require both client and server to be updated to take effect.
> > IMHO in this case a better option would be as follows: negotiate an extension that will change the AUTH payload input by zeroing out the content of the cookie.
> > What would this actually achieve?

Re: [IPsec] Cookie logic results in failed authentication

2020-09-24 Thread Valery Smyslov
Hi Tero,

> > > I think the long term solution is to do puzzles, as I do not think you need to change puzzle secrets that often compared to the cookie secrets.
> >
> > Puzzles are not a solution for this problem. RFC 8019 suggests that
> > is included in the cookie that allows the respon

Re: [IPsec] Cookie logic results in failed authentication

2020-09-24 Thread Paul Wouters
On Thu, 24 Sep 2020, Valery Smyslov wrote:

We have a server that is under a serious DDoS attack. It is sending back COOKIES and soon might have too many half open SA's to even accept any new connections with COOKIES.

I fail to understand why a server might have too many half open SA's with the p

Re: [IPsec] Cookie logic results in failed authentication

2020-09-24 Thread Tero Kivinen
Valery Smyslov writes:

> Hi Tero,
>
> > > > I think the long term solution is to do puzzles, as I do not think you need to change puzzle secrets that often compared to the cookie secrets.
> > >
> > > Puzzles are not a solution for this problem. RFC 8019 suggests that
> > > is includ