Kyle, the question for me is whether it will be an effective mechanism when many devices just do not support it (for a number of reasons)? For IoT devices the reason is simple: they don't have MBs of memory.
Even the regular puzzle technique has the problem that you have to adjust the puzzle difficulty and what is a piece of cake for a desktop computer kills the battery of an IoT device.

(And note that I am not saying that IoT devices aren't used for DDoS attacks.)

On 07/06/2016 10:16 PM, Kyle Rose wrote:
> On Wed, Jul 6, 2016 at 4:08 PM, Hannes Tschofenig
> <hannes.tschofe...@gmx.net> wrote:
>
> > I agree with Brian here on this issue. This is clearly impractical for
> > IoT devices. For many of those devices we are talking about 32 KB (in
> > total).
>
> I continue to feel like this is a valid objection to the wrong
> proposition. I don't think the question is, "Should TLS client puzzles
> be issued by all TLS servers under load?" but rather, "Would client
> puzzles be a useful addition to the DDoS toolbox, and appropriate in
> some cases?"
>
> Kyle
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls