On Wed, Dec 5, 2018 at 10:47 PM R duToit <r@nerd.ninja> wrote:
> 2. The DoS (prevention) engineers should also weigh in on this. Would
> servers not start reusing TLS 1.3 keyshare values when under DoS attack?
DDoS (mitigation) engineer here, I'll reiterate the idea I've raised before in quic-wg.

The operation of a server (or a client, because a client could be attacked too) under a DDoS attack should be as close to a normal way of operation as possible. Every single case where it's different should be seen as opening a motivation for an attacker to hunt exactly for that difference. E.g. if you add RTTs under an attack, then an attacker can play with jitter, or make your server appear slower for clients than their server (assuming the attack is ordered by your market competition).

(This is by the way the reason why fast open wasn't a nice idea from the DDoS mitigation perspective.)

So no. TLS keyshare reuse is visible from the attacker's point of view, so must not be done under a DDoS attack.

| Töma Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: xima...@gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
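The point above, that key share reuse is observable by anyone who can complete handshakes against the server, can be shown with a few lines of code. What follows is an added example written for this page; it is not code from the thread, from any of its authors, or from any TLS implementation. It builds constructed TLS 1.3 ServerHello records (RFC 8446 section 4.1.3 layout, x25519 group 0x001d, supported_versions and key_share extensions only), then parses the server's key_share out of each record and counts how often the same public key comes back. A remote probe that repeats handshakes and runs this check learns whether the server has switched to reusing its ephemeral key, which is exactly the behavioural difference the message argues an attacker will hunt for. The `build_server_hello`, `parse_server_key_share`, `reused_key_shares` and `demo` names, and all key and random bytes, are assumptions made for the example.

```python
"""Added example, not from the original thread: detect TLS 1.3 server key_share
reuse across ServerHello messages, as a remote observer could.

All ServerHello bytes below are constructed for the example, not captured traffic.
"""
from __future__ import annotations

import struct
from collections import Counter

TLS_HANDSHAKE = 0x16          # record content type: handshake
HS_SERVER_HELLO = 0x02        # handshake type: ServerHello
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_KEY_SHARE = 0x0033
GROUP_X25519 = 0x001D


def build_server_hello(pubkey: bytes, random: bytes, group: int = GROUP_X25519) -> bytes:
    """Construct a TLS 1.3 ServerHello record carrying one key_share entry."""
    assert len(random) == 32, "ServerHello.random is 32 bytes"
    key_share = struct.pack("!HH", group, len(pubkey)) + pubkey
    exts = (struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 2) + b"\x03\x04"   # selected_version 0x0304
            + struct.pack("!HH", EXT_KEY_SHARE, len(key_share)) + key_share)
    body = (b"\x03\x03" + random        # legacy_version, random
            + b"\x00"                   # legacy_session_id_echo (empty)
            + b"\x13\x01"               # cipher_suite TLS_AES_128_GCM_SHA256
            + b"\x00"                   # legacy_compression_method
            + struct.pack("!H", len(exts)) + exts)
    handshake = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_server_key_share(record: bytes) -> tuple[int, bytes]:
    """Return (group, public key) from the key_share extension of a ServerHello record."""
    if record[0] != TLS_HANDSHAKE:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != HS_SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    pos = 2 + 32                                  # skip legacy_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                            # skip legacy_session_id_echo
    pos += 2 + 1                                  # skip cipher_suite and compression method
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos < end:                              # walk the extension list
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype == EXT_KEY_SHARE:
            group, klen = struct.unpack("!HH", data[:4])
            return group, data[4:4 + klen]
    raise ValueError("no key_share extension in ServerHello")


def reused_key_shares(records: list[bytes]) -> dict[bytes, int]:
    """Count each server public key seen; any count above 1 is a reused ephemeral key."""
    counts = Counter(parse_server_key_share(r)[1] for r in records)
    return {key: n for key, n in counts.items() if n > 1}


def demo() -> dict[bytes, int]:
    """Three handshakes with fresh keys, then four where the server keeps one key (constructed)."""
    fresh_keys = [bytes([i]) * 32 for i in (1, 2, 3)]      # constructed fresh ephemeral keys
    reused_key = bytes([0xAA]) * 32                         # constructed key the server reuses
    rnd = lambda i: bytes([i]) * 32                         # constructed ServerHello.random values
    records = [build_server_hello(k, rnd(10 + i)) for i, k in enumerate(fresh_keys)]
    records += [build_server_hello(reused_key, rnd(20 + i)) for i in range(4)]
    return reused_key_shares(records)


if __name__ == "__main__":
    for key, n in demo().items():
        print(f"server key_share {key.hex()} seen {n} times: reuse")
```

The same check works on real traffic once the ServerHello records come from a capture or from a probe that drives handshakes itself; the parser ignores every extension other than key_share, and the reuse signal needs nothing beyond repeated connections, which is why a server cannot switch to reuse under attack without the attacker being able to notice.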