On Feb 8, 2015, at 1:20 PM, Yaron Sheffer <[email protected]> wrote: > I think we've come a full circle. We now have a proposal that makes > proof-of-work more deterministic for each type of client (which I find very > useful). But the weaker clients will always lose, no matter what POW solution > we choose. This has been a problem with this proposal from day one and it's a > limitation that we as a group need to decide whether to accept or not. In a > world where some clients are 100X more powerful than others, IMHO this result > is something we have to live with. > > The only partial solution I see to this problem is to recommend using RFC > 5723 session resumption, so that clients who have recently connected can > reconnect even in DoS situations.
Can a gateway sanely do session resumption when it is under DoS attack? That is, can the gateway safely allocate CPU resources to a purported session resumption? --Paul Hoffman _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
