Hi. As I’m the document author, it’s no surprise that my vote is Yes.

Much like Paul Wouters, I would have liked to have a kind of puzzle that did not give an advantage to attacking desktops over legitimate smartphones. But all proposals for puzzles have been just as CPU-bound as the partial hash break in the current draft, or the bitcoin-style puzzle that I like better now.

One proposal that I kind of liked (and I’m sorry I’ve forgotten who suggested it) was to relegate the puzzle to a second line of defense, through the use of some kind of anti-dos ticket. The ticket would be a bearer token (perhaps an encrypted timestamp) that would allow the bearer to get by with a much easier version of the puzzle. The responder would make an effort to prevent replay of tickets (as in remembering the last 1000 valid tickets), which would mean that to consistently get the easy version of the puzzle, the attackers would need to collect a greater amount of tickets than the responder stores.

In any case, I think the document should be adopted, and then we can change the puzzle algorithm according to the group’s preference and add a fast path for repeat visitors if we think that’s a good idea.

Yoav

On Sep 21, 2014, at 10:52 PM, Yaron Sheffer <[email protected]> wrote:

> Dear working group,
>
> This is a call for adopting draft-nir-ipsecme-puzzles-00 as a WG document.
> Please respond to this mail with a Yes or No and a short rationale, at latest
> by Friday Sep. 26.
>
> Thanks,
> Yaron
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
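The anti-DoS ticket idea from the message above, sketched as an added example that is not part of the original e-mail or of draft-nir-ipsecme-puzzles. It assumes an HMAC-authenticated timestamp in place of the "encrypted timestamp" the message mentions; the class name, ticket layout, lifetime and difficulty values are all hypothetical.

```python
import hashlib
import hmac
import os
import struct
from collections import OrderedDict

class TicketResponder:
    """Responder-side ticket check; all names and parameters are assumptions."""

    def __init__(self, cache_size=1000, max_age=3600, hard_bits=20, easy_bits=8):
        self.key = os.urandom(32)        # responder-local MAC key
        self.cache_size = cache_size     # "the last 1000 valid tickets"
        self.max_age = max_age           # ticket lifetime in seconds (assumed)
        self.hard_bits, self.easy_bits = hard_bits, easy_bits
        self.seen = OrderedDict()        # FIFO cache of tickets already redeemed

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def issue(self, now):
        # 8-byte timestamp + 8-byte nonce, authenticated rather than encrypted.
        body = struct.pack(">Q", int(now)) + os.urandom(8)
        return body + self._tag(body)

    def puzzle_bits(self, ticket, now):
        """Return the puzzle difficulty to demand from this initiator."""
        if ticket is None or len(ticket) != 48:
            return self.hard_bits
        body, tag = ticket[:16], ticket[16:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return self.hard_bits        # forged or corrupted
        issued = struct.unpack(">Q", body[:8])[0]
        if not 0 <= now - issued <= self.max_age:
            return self.hard_bits        # expired (or from the future)
        if ticket in self.seen:
            return self.hard_bits        # replay still held in the cache
        self.seen[ticket] = True
        if len(self.seen) > self.cache_size:
            self.seen.popitem(last=False)    # forget the oldest ticket
        return self.easy_bits

def demo():
    r = TicketResponder(cache_size=3, max_age=600)   # tiny cache, constructed times
    t = r.issue(now=1000)
    results = [r.puzzle_bits(t, 1010), r.puzzle_bits(t, 1020)]   # fresh, replay
    for _ in range(3):                   # three newer tickets push t out of the cache
        r.puzzle_bits(r.issue(now=1020), 1030)
    results.append(r.puzzle_bits(t, 1040))   # replay no longer remembered
    results.append(r.puzzle_bits(t, 2000))   # past max_age: lifetime bounds reuse
    return results
```

`demo()` shows the bounded-cache property the message describes: a ticket that has aged out of the replay cache is accepted again, so the ticket lifetime (an assumption added here) is what caps how long any one ticket can be reused.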
