On Fri, Sep 02, 2022 at 02:42:54PM -0700, Martin Duke wrote:
> Hi Libor,
>
> Your subject line hints at a proposal, but I can't parse one in your email.
>
> Regardless, yes, protocol anti-DoS mechanisms rely on the server having as
> much capacity as the client. If this is not the case, the attacker
> can always overwhelm the server by simply completing legitimate
> transactions at scale.

Agreed!

> The Retry token is the proof-of-work you're hinting at. If you don't want
> the latency associated with that, I
> encourage you to implement a more selective rule on when you send Retry
> (e.g. only when the server is under high load, or from specific IP
> addresses).

FWIW that's what we're doing in haproxy. We mimic what's usually done in TCP stacks with SYN cookies, and start sending Retry when the number of half-open connections is higher than a configurable threshold. I don't see a need for slowing down regular clients for a false impression that it would allow stopping DDoSes; when you have one million machines in front of you, the proof of work becomes of limited use and all clients suffer.

Willy
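The threshold-driven Retry policy described in the reply above, as an added illustration (this is not haproxy's code, and the token layout is a simplified assumption; RFC 9000 leaves the Retry token format up to the server). Below a configurable half-open threshold, every Initial is admitted; above it, an Initial without a valid token is answered with a stateless, address-bound, expiring token instead of allocating handshake state, the same idea as a TCP SYN cookie.

```python
import hashlib
import hmac
import os
import struct
import time


class RetryAdmission:
    """Toy model of 'send Retry only when half-open count exceeds a threshold'.
    Assumed token layout: 8-byte big-endian expiry || 16-byte truncated HMAC
    over (client address, expiry). Nothing is stored per unauthenticated client."""

    def __init__(self, threshold, key=None, token_ttl=10, now=time.time):
        self.threshold = threshold           # max half-open connections before Retry kicks in
        self.key = key or os.urandom(32)     # server-side secret for the token MAC
        self.token_ttl = token_ttl           # seconds a Retry token stays valid
        self.now = now                       # clock, injectable for testing
        self.half_open = set()               # connection ids with an unfinished handshake

    def _mac(self, addr, expiry):
        msg = addr.encode() + struct.pack("!Q", expiry)
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:16]

    def make_token(self, addr):
        expiry = int(self.now()) + self.token_ttl
        return struct.pack("!Q", expiry) + self._mac(addr, expiry)

    def token_valid(self, addr, token):
        if token is None or len(token) != 24:
            return False
        expiry = struct.unpack("!Q", token[:8])[0]
        if expiry < int(self.now()):
            return False                     # expired: client must round-trip again
        return hmac.compare_digest(token[8:], self._mac(addr, expiry))

    def on_initial(self, cid, addr, token=None):
        """Decide for one Initial packet: ("accept", None) or ("retry", token)."""
        if cid in self.half_open:
            return ("accept", None)          # retransmission of a known handshake
        if len(self.half_open) < self.threshold or self.token_valid(addr, token):
            self.half_open.add(cid)          # allocate state only now
            return ("accept", None)
        # Over threshold and no proof the source address is reachable: stay stateless.
        return ("retry", self.make_token(addr))

    def on_handshake_done(self, cid):
        self.half_open.discard(cid)          # connection left the half-open pool
```

Note that a token only proves the sender can receive at its claimed address; as the reply says, a large enough set of genuinely reachable hosts still fills the pool.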
