Re: [TLS] Fwd: New Version Notification for draft-vkrasnov-tls-jumpstart-00.txt

"Salz, Rich" <rsalz@akamai.com> Fri, 15 May 2015 01:55 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Vlad Krasnov <vlad@cloudflare.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/luRbHDG4BPHxZjmiljR1mJOyZ8g>
Cc: Olafur Gudmundsson <olafur@cloudflare.com>, John Graham-Cumming <jgc@cloudflare.com>

If an adversary just wants to DoS your server, they don't care if you respond or not, and can trivially send thousands of clientHello messages with spoofed IP addresses.  Or am I missing something obvious?  It's like DNS flooding, but with extra CPU cost, isn't it?

--
Senior Architect, Akamai Technologies
IM: richsalz@jabber.at Twitter: RichSalz