On Oct 10, 2014, at 9:25 PM, Michael Richardson <[email protected]> wrote:
>
> Graham Bartlett (grbartle) <[email protected]> wrote:
>> Now the only issue I can see is alluded to in the draft, where a VPN
>> headend is serving clients with varying resource. So say a botnet
>> attacks this headend and the puzzle is enabled, you have some clients
>> with a lot of resource (that require a hard puzzle) and some mobile
>> devices with minimal (that require an easier puzzle). How do you
>> identify each? The only way I can think is you must do this once the
>> device has authenticated itself - else how do you know who they are?
>
> I have two observations here.
>
> The first is that while the botnet can pull in potentially hundreds of
> teraflops of computation in order to solve a harder puzzle, it has
> communication overhead in order to do that;
>
> The second observation is that the puzzle has to be trivially parallelizable
> in order for the botnet (or even the multi-core mobile phone!) to do better
> than a single CPU.

I don’t think this is the best strategy for the botnet. Rather than pool all their resources to solve a single puzzle (bitcoin-style), wouldn’t it be better for each node to act like a legitimate client and solve its own puzzle in however long it takes?

Yoav

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
