Re: [TLS] Fwd: New Version Notification for draft-vkrasnov-tls-jumpstart-00.txt

Vlad Krasnov <vlad@cloudflare.com> Fri, 15 May 2015 06:14 UTC

To: "Salz, Rich" <rsalz@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/h0suomVS5HG1Zv3dVToVaImAEA0>
Cc: Olafur Gudmundsson <olafur@cloudflare.com>, "tls@ietf.org" <tls@ietf.org>, John Graham-Cumming <jgc@cloudflare.com>

The idea is that the server does not have to respond at all. If there is an oncoming attack, the server can operate in legacy mode and the client does not need to know.
It also does not have to respond to every single request. 
Moreover, the server can choose the amount of history it wants to keep under normal operation, and not increase it further until some are completed or timed out.
Also, for ECDHE and regular RSA connections, the cost of a ServerHello is negligible.


> On 15 May 2015, at 02:55, Salz, Rich <rsalz@akamai.com> wrote:
> 
> If an adversary just wants to DoS your server, they don’t care if you respond or not, and can trivially send thousands of clientHello messages with spoofed IP address.  Or am I missing something obvious?  It’s like DNS flooding, but with extra CPU cost, isn’t it?
>  
> -- 
> Senior Architect, Akamai Technologies
> IM: richsalz@jabber.at Twitter: RichSalz
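
A minimal model of the server policy argued for in the reply above, added here as an example; it is not code from the draft or from either participant. The class name, the cap, the timeout and the per-client key are assumptions made for illustration: the table never grows past its cap, and a request that finds it full gets no early response and is handled in legacy mode.

```python
from collections import OrderedDict


class PendingHistory:
    """Bounded table of early-response state (hypothetical model, not the draft's)."""

    def __init__(self, max_entries, timeout):
        self.max_entries = max_entries  # operator-chosen cap (assumed knob)
        self.timeout = timeout          # seconds before an unfinished entry is dropped
        self.entries = OrderedDict()    # key -> creation time, oldest first

    def _expire(self, now):
        # Callers pass a non-decreasing clock, so the oldest entry is always first.
        while self.entries:
            key, created = next(iter(self.entries.items()))
            if now - created < self.timeout:
                break
            del self.entries[key]

    def admit(self, key, now):
        """True: respond early and keep state. False: stay silent, legacy mode."""
        self._expire(now)
        if key in self.entries:
            return True
        if len(self.entries) >= self.max_entries:
            return False                # table full: do not grow, do not respond
        self.entries[key] = now
        return True

    def complete(self, key):
        """Handshake finished: free the slot for another client."""
        self.entries.pop(key, None)


def simulate_flood(table, n_spoofed, start=0.0, step=0.001):
    """Feed constructed requests, each from a distinct spoofed source.

    Returns (requests that received state, table size afterwards).
    """
    admitted = 0
    for i in range(n_spoofed):
        if table.admit(("spoofed", i), start + i * step):
            admitted += 1
    return admitted, len(table.entries)
```

With a cap of 4, a burst of 1000 spoofed requests occupies only 4 slots; new clients are served in legacy mode until a slot is completed or times out.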