On Wednesday, June 29, 2016 7:37 PM, Geoffrey Keating wrote: > > Kyle Rose <kr...@krose.org> writes: > > > Let's finish that last sentence: > > > > I have to think a lot more about the IoT/resource-constrained client > > problem, but I still don't think the existence of clients that would be > > denied service by this scheme renders the concept completely inapplicable. > > Perhaps for the resource-constrained/IoT situation, what you want is > to mostly be using a pre-shared key, track clients, and only make the > suspicious (too many connections too fast) or new ones solve the > puzzle.
I am also a little worried that this can become a mechanism to DOS the clients. Imagine an adversary capable of redirecting a client request, either by hacking the DNS or hacking a proxy. The hacked server can send the client a puzzle, and force the client into spending some energy. And with the proposed extension, all that happens before the client has a chance to authenticate the server. -- Christian Huitema _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
