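% Internet-Draft, revision -02, dated 2018-03-05 (see the note field: Work in Progress).
% It is a working document, not an RFC; cite this exact revision and check the
% datatracker URL for a newer revision before relying on the design.
% Scope per the abstract: handshake Denial of Service by an on-path adversary.
% The mechanism depends on a Trust Anchor that issues the Handshake Token
% (nonce plus MAC over it), which the server registered at that Trust Anchor verifies.
% Title: only the acronym and the capitalised term are brace-protected, so
% sentence-casing styles render it as before without the whole title being double-braced.
% Authors use the unambiguous "Last, First" form.
@techreport{tiloca-tls-dos-handshake-02,
  author      = {Tiloca, Marco and Seitz, Ludwig and Hoeve, Maarten and Bergmann, Olaf},
  title       = {Extension for protecting {(D)TLS} handshakes against {Denial of Service}},
  type        = {Internet-Draft},
  number      = {draft-tiloca-tls-dos-handshake-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2018,
  month       = mar,
  day         = 5,
  pagetotal   = 15,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-tiloca-tls-dos-handshake/02/},
  abstract    = {This document describes an extension for TLS and DTLS to protect the server from Denial of Service attacks against the handshake protocol, carried out by an on-path adversary. The extension includes a nonce and a Message Authentication Code (MAC) over that nonce, encoded as a Handshake Token that a Trust Anchor entity computes and provides to the client. The server registered at the Trust Anchor verifies the MAC to determine whether continuing or aborting the handshake.},
}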