On Wednesday, June 29, 2016 2:08 PM, Kyle Rose wrote:
>
> Raising the cost of requests has a similar problem in that you're punishing 
> every client, but in doing so you do allow all clients capable of absorbing 
> the increased cost (e.g., memory, computing power) to get access to the 
> resources they need if the user is willing to accept that cost (e.g., energy, 
> latency).

The obvious issue with the "proof of work" defense against DDoS is that the 
botnets can do more work than many legitimate clients. The puzzle approach will 
cut off the least capable legitimate clients, such as old phones or IoT 
devices. It will not cut off the PC enrolled in a botnet. It will merely slow 
it down a little. But then, you could have the same effect by just delaying the 
response and enforcing one connection per client.

-- Christian Huitema




_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
