Skip to main content

TLS Client Puzzles Extension
draft-nygren-tls-client-puzzles-02

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Erik Nygren , Samuel Erb , Alex Biryukov , Dmitry Khovratovich , Ari Juels
Last updated 2017-06-28 (Latest revision 2016-12-25)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Client puzzles allow a TLS server to defend itself against asymmetric DDoS attacks. In particular, it allows a server to request clients perform a selected amount of computation prior to the server performing expensive cryptographic operations. This allows servers to employ a layered defense that represents an improvement over pure rate-limiting strategies. Client puzzles are implemented as an extension to TLS 1.3 [I-D.ietf-tls-tls13] wherein a server can issue a HelloRetryRequest containing the puzzle as an extension. The client must then resend its ClientHello with the puzzle results in the extension.

Authors

Erik Nygren
Samuel Erb
Alex Biryukov
Dmitry Khovratovich
Ari Juels

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)