Hi, > The TLS WG has had a few chats about "client puzzles" -- where a > server, mainly under load, can ask the client to do some work before > resuming the handshake.
Yes, but then we are again at the point that weaker devices will be at a disadvantage, and that we are burning CPU power for nothing. That, together with the option of simply renting a botnet to stage the attack, make the benefits seem rather insignificant. But I could be wrong. Do we actually have evidence of DoS via TLS? Ralph -- Ralph Holz I8 - Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ Phone +49.89.289.18043 PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
