TLS Client Puzzles Extension
draft-nygren-tls-client-puzzles-02

Document Type Expired Internet-Draft (individual)
Last updated 2017-06-28 (latest revision 2016-12-25)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-nygren-tls-client-puzzles-02.txt

Abstract

Client puzzles allow a TLS server to defend itself against asymmetric DDoS attacks. In particular, it allows a server to request clients perform a selected amount of computation prior to the server performing expensive cryptographic operations. This allows servers to employ a layered defense that represents an improvement over pure rate-limiting strategies. Client puzzles are implemented as an extension to TLS 1.3 [I-D.ietf-tls-tls13] wherein a server can issue a HelloRetryRequest containing the puzzle as an extension. The client must then resend its ClientHello with the puzzle results in the extension.

Authors

Erik Nygren (erik+ietf@nygren.org)
Samuel Erb (serb@akamai.com)
Alex Biryukov (alex.biryukov@uni.lu)
Dmitry Khovratovich (khovratovich@gmail.com)
Ari Juels (juels@cornell.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)