%% You should probably cite draft-tiloca-tls-dos-handshake-02 instead of this revision. @techreport{tiloca-tls-dos-handshake-01, number = {draft-tiloca-tls-dos-handshake-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-tiloca-tls-dos-handshake/01/}, author = {Marco Tiloca and Ludwig Seitz and Maarten Hoeve and Olaf Bergmann}, title = {{Extension for protecting (D)TLS handshakes against Denial of Service}}, pagetotal = 14, year = 2017, month = oct, day = 28, abstract = {This document describes an extension for TLS and DTLS to protect the server from Denial of Service attacks against the handshake protocol, carried out by an on-path adversary. The extension includes a nonce and a Message Authentication Code (MAC) over that nonce, encoded as a Handshake Token that a Trust Anchor entity computes and provides to the client. The server registered at the Trust Anchor verifies the MAC to determine whether continuing or aborting the handshake.}, }