> I agree, and I think it is clear that client puzzles can be a useful
> addition to the DDoS defense toolbox. However, most of this can be handled
> at the higher levels above TLS, or possibly as a custom extension that does
> not complicate TLS.
>
A custom extension is a promising approach: this is what Erik Nygren proposed in nygren-tls-client-puzzles-00 following discussions with some IETF folks and Akamai colleagues. That draft has expired and doesn't reference any of the recent work on memory-hard puzzles, but it might be a good starting point.

Except at the pre-TLS stage for applications that use STARTTLS-style mechanisms, I'm not sure how this could work at levels above TLS: the primary attack targeted by client puzzles would be a client doing almost no work in order to force the server to do expensive crypto, which means it must be engaged prior to the handshake.

Kyle
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
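The asymmetry Kyle describes, a client that should have to do real work before the server commits to expensive handshake crypto, is what a client puzzle enforces. The following is an added illustration written for this page, not code from the thread and not the wire format of nygren-tls-client-puzzles-00: a stateless hash-based puzzle in which the server binds a challenge to the client address and a timestamp with an HMAC, the client brute-forces a counter until SHA-256 of challenge||counter has the required number of leading zero bits, and the server verifies with one HMAC and one hash, keeping no per-challenge state. The server secret, the client addresses, the TTL and the function names are all constructed for the example.

```python
"""Stateless hash-based client puzzle, engaged before any expensive server-side crypto.

Added example; not the format of draft-nygren-tls-client-puzzles. Constants and names are
hypothetical and chosen for illustration only.
"""
import hashlib
import hmac
import os
import struct
import time

# Constructed server secret; a real deployment would rotate it and keep the previous one
# briefly so in-flight challenges still verify.
SERVER_SECRET = os.urandom(32)
PUZZLE_TTL = 30          # seconds a challenge remains acceptable (assumed value)
MAX_DIFFICULTY = 64      # sanity cap on the leading-zero-bit requirement


def issue_challenge(client_addr, difficulty, now=None):
    """Server side: build a challenge the server can later re-verify without storing it.

    Layout: difficulty(1) || unix_timestamp(8) || tag(16), where
    tag = HMAC-SHA256(SERVER_SECRET, client_addr || difficulty || timestamp)[:16].
    Binding the address and the difficulty into the tag stops a client from lowering the
    difficulty byte or replaying another client's solved challenge.
    """
    if not 0 < difficulty <= MAX_DIFFICULTY:
        raise ValueError("difficulty out of range")
    ts = int(now if now is not None else time.time())
    header = struct.pack("!BQ", difficulty, ts)
    tag = hmac.new(SERVER_SECRET, client_addr + header, hashlib.sha256).digest()[:16]
    return header + tag


def _leading_zero_bits(digest):
    """Number of leading zero bits in a 32-byte digest."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve_puzzle(challenge):
    """Client side: find an 8-byte counter such that SHA-256(challenge || counter)
    has at least `difficulty` leading zero bits. Returns (counter, hashes_tried).

    Expected cost is about 2**difficulty hash evaluations; this is the work the client
    must spend before the server does any asymmetric crypto on its behalf.
    """
    difficulty = challenge[0]
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + struct.pack("!Q", counter)).digest()
        if _leading_zero_bits(digest) >= difficulty:
            return counter, counter + 1
        counter += 1


def verify_solution(client_addr, challenge, counter, now=None):
    """Server side: fixed cheap cost (one HMAC, one SHA-256), no stored state.

    Rejects challenges with a bad tag (forged, tampered difficulty, or issued to a
    different address), stale challenges, and counters that do not meet the difficulty.
    """
    if len(challenge) != 1 + 8 + 16:
        return False
    difficulty, ts = struct.unpack("!BQ", challenge[:9])
    expected = hmac.new(SERVER_SECRET, client_addr + challenge[:9], hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, challenge[9:]):
        return False
    cur = now if now is not None else time.time()
    if not (ts <= cur <= ts + PUZZLE_TTL):
        return False
    digest = hashlib.sha256(challenge + struct.pack("!Q", counter)).digest()
    return _leading_zero_bits(digest) >= difficulty


def work_ratio(difficulty, client_addr=b"198.51.100.7"):
    """Hashes the client spent divided by the two hash-sized operations the verifier spends."""
    challenge = issue_challenge(client_addr, difficulty)
    counter, tried = solve_puzzle(challenge)
    assert verify_solution(client_addr, challenge, counter)
    return tried / 2.0


if __name__ == "__main__":
    # Constructed client address; the ratio grows roughly as 2**difficulty / 2.
    for d in (8, 12, 16):
        print("difficulty %2d: client/server work ratio ~ %.0f" % (d, work_ratio(d)))
```

The point the example makes concrete is that the server's verification cost is constant and small while the client's is tunable, and that because the difficulty and the client address are covered by the HMAC, a client cannot downgrade the puzzle or reuse a solution obtained under another address; raising `difficulty` under load is what a server would do to throttle an attacker who otherwise spends almost nothing per handshake attempt.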