TLS Client Puzzles Extension
draft-nygren-tls-client-puzzles-02
Document | Type | Expired Internet-Draft (individual); Expired & archived
---|---|---
 | Authors | Erik Nygren, Samuel Erb, Alex Biryukov, Dmitry Khovratovich, Ari Juels
 | Last updated | 2017-06-28 (Latest revision 2016-12-25)
 | RFC stream | (None)
 | Intended RFC status | (None)
Stream | Stream state | (No stream defined)
 | Consensus boilerplate | Unknown
 | RFC Editor Note | (None)
IESG | IESG state | Expired
 | Telechat date | (None)
 | Responsible AD | (None)
 | Send notices to | (None)
This Internet-Draft is no longer active.
Abstract
Client puzzles allow a TLS server to defend itself against asymmetric DDoS attacks. In particular, they allow a server to request that clients perform a selected amount of computation before the server performs expensive cryptographic operations. This allows servers to employ a layered defense that represents an improvement over pure rate-limiting strategies. Client puzzles are implemented as an extension to TLS 1.3 [I-D.ietf-tls-tls13] wherein a server can issue a HelloRetryRequest containing the puzzle as an extension. The client must then resend its ClientHello with the puzzle results in the extension.