Re: [TLS] TLS client puzzles
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 06 July 2016 20:09 UTC
I agree with Brian here on this issue. This is clearly impractical for
IoT devices. For many of those devices we are talking about 32 KB (in
total).

On 06/29/2016 09:25 PM, Brian Smith wrote:
> Dmitry Khovratovich <khovratovich@gmail.com> wrote:
>> It allows cheap and memoryless verification by the server even though the
>> puzzle solving guaranteely requires dozens of MB of RAM from a client
>
> I feel like this is impractical simply because lots of people are
> building HTTPS clients that don't even have dozens of MB of RAM total.
> I think we should avoid doing anything that requires the client to
> have more than ~16KB of memory total to devote to TLS stuff.
> Otherwise, we force the internet to have an architecture where all
> small devices require a smart proxy to solve these puzzles for them
> and do other things.
>
> Cheers,
> Brian