Hi TLS Working Group, I am introducing a significant update to my individual draft: draft-eli-stealthflow-protocol (v1.4).
The StealthFlow Protocol (SFP) acts as a stateless "transport armor" layer designed to precede TLS or QUIC sessions. While ECH and TLS 1.3 have improved privacy, early handshake fingerprints and asymmetric DoS costs remain significant operational risks.

Key enhancements in v1.4 include:

1. Dynamic Guide Identifiers: Replaces static headers with non-deterministic identifiers derived from nonces, ensuring the initial packet appears as high-entropy noise to DPI.
2. Strict 10-30ms Time-Lock PoW: Implements a narrow freshness window that forces attackers to perform real-time computation, effectively neutralizing pre-calculated or large-scale botnet floods.
3. Stateless Server Processing: Enables servers to validate and fail-silent at the XDP/eBPF layer without allocating memory state for unauthenticated requests.
4. Blind-Push Mechanism: Successfully handles the "unknown server public key" scenario during the first encounter, ensuring immediate protection.

I would appreciate feedback on the economic feasibility of the PoW parameters and the protocol's integration with high-performance edge filtering.

Link: draft-eli-stealthflow-protocol-00 - StealthFlow Protocol (SFP) <https://datatracker.ietf.org/doc/draft-eli-stealthflow-protocol/>

Best regards,
Z. Eli
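To make the stateless time-lock check in items 2 and 3 concrete, here is a small model of a client solver and a server-side verifier. It is an added illustration, not code from the draft: the hash function, the field layout (server key || timestamp || nonce), the leading-zero-bit difficulty and the fixed 30 ms window are all assumptions, since the post does not specify them.

```python
import hashlib
import struct

# Assumed parameters (not taken from the draft): SHA-256 over a fixed field
# layout, difficulty expressed as leading zero bits, 30 ms freshness window.
DIFFICULTY_BITS = 20
FRESHNESS_MS = 30
NONCE_LEN = 16


def _digest(server_pk: bytes, ts_ms: int, nonce: bytes) -> bytes:
    # Binding the server key into the hash means a solution for one server
    # cannot be replayed against another (assumed layout).
    return hashlib.sha256(server_pk + struct.pack(">Q", ts_ms) + nonce).digest()


def _leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve(server_pk: bytes, ts_ms: int, difficulty: int = DIFFICULTY_BITS) -> bytes:
    # Client side: brute-force a nonce for the *current* timestamp. Because
    # ts_ms is part of the preimage, work done for an old timestamp is useless
    # once the window has passed, which is the point of the time-lock.
    counter = 0
    while True:
        nonce = counter.to_bytes(NONCE_LEN, "big")
        if _leading_zero_bits(_digest(server_pk, ts_ms, nonce)) >= difficulty:
            return nonce
        counter += 1


def verify(server_pk: bytes, ts_ms: int, nonce: bytes, now_ms: int,
           difficulty: int = DIFFICULTY_BITS, window_ms: int = FRESHNESS_MS) -> bool:
    # Server side, stateless: one subtraction and one hash, no per-client
    # memory. Any failure returns False so the caller can drop the packet
    # silently, matching the fail-silent behaviour described in item 3.
    if len(nonce) != NONCE_LEN:
        return False
    age = now_ms - ts_ms
    if age < 0 or age > window_ms:          # pre-computed or stale token
        return False
    return _leading_zero_bits(_digest(server_pk, ts_ms, nonce)) >= difficulty


if __name__ == "__main__":
    pk = b"\x01" * 32                       # constructed sample server key
    ts = 1_700_000_000_000
    n = solve(pk, ts, difficulty=12)        # low difficulty so the demo is quick
    print(verify(pk, ts, n, now_ms=ts + 10, difficulty=12))   # inside window
    print(verify(pk, ts, n, now_ms=ts + 500, difficulty=12))  # expired
```

Because the verifier keeps no state, a valid token can still be replayed within the window; a real deployment would need to decide whether a short-lived seen-nonce filter is acceptable at the XDP layer, which is exactly the kind of parameter question the post asks about.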
TLS mailing list
