Re: [TLS] TLS client puzzles

Let's finish that last sentence: I have to think a lot more about the IoT/resource-constrained client problem, but I still don't think the existence of clients that would be denied service by this scheme renders the concept completely inapplicable. ___

Re: [TLS] TLS client puzzles

On Wed, Jun 29, 2016 at 5:41 PM, Christian Huitema wrote: > On Wednesday, June 29, 2016 2:08 PM, Kyle Rose wrote: > > > > Raising the cost of requests has a similar problem in that you're > punishing > > every client, but in doing so you do allow all clients capable of >

Re: [TLS] TLS client puzzles

On Wednesday, June 29, 2016 2:08 PM, Kyle Rose wrote: > > Raising the cost of requests has a similar problem in that you're punishing > every client, but in doing so you do allow all clients capable of absorbing > the increased cost (e.g., memory, computing power) to get access to the >

Re: [TLS] Downgrade protection, fallbacks, and server time

On Wed, Jun 1, 2016 at 6:57 PM Eric Rescorla wrote: > On Wed, Jun 1, 2016 at 3:53 PM, David Benjamin > wrote: > >> On Wed, Jun 1, 2016 at 6:43 PM Eric Rescorla wrote: >> >>> 2% is actually pretty good, but I agree that we're going to need

[TLS] TLS client puzzles

Dear all, together with our colleagues from Akamai, we would like to pursue further the draft on the TLS client puzzles, the first version of which was aired in 2015. As before, the client puzzles allow a server to request clients perform a selected amount of computation prior to the server