TLS Client Puzzles Extension
draft-nygren-tls-client-puzzles-00

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Last updated 2016-01-03 (latest revision 2015-07-02)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-nygren-tls-client-puzzles-00.txt

Abstract

Client puzzles allow a TLS server to defend itself against asymmetric DDoS attacks. In particular, it allows a server to request clients perform a selected amount of computation prior to the server performing expensive cryptographic operations. This allows servers to employ a layered defense that represents an improvement over pure rate-limiting strategies. Client puzzles are implemented as an extension to TLS 1.3 [I-D.ietf-tls-tls13] wherein a server can issue a HelloRetryRequest containing the puzzle as an extension. The client must then resend its ClientHello with the puzzle results in the extension.

Authors

Erik Nygren (erik+ietf@nygren.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)