[TLS] TLS Client Puzzles

Erik Nygren <erik+ietf@nygren.org> Thu, 02 July 2015 21:40 UTC

From: Erik Nygren <erik+ietf@nygren.org>
To: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 2 Jul 2015 17:40:20 -0400
Message-ID: <CAKC-DJjfq_Lw6ovX=sVFt3=4q_4CYo_N79PZFx+LrGj7DbLK+w@mail.gmail.com>
Subject: [TLS] TLS Client Puzzles
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qHyFCgO22_q-ejx7G882Q8nK5y4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

Following a discussion last year in Denver, I've written up a proposal
for a TLS Client Puzzles extension.  It is specific to TLS 1.3 in that
it is constructed using the HelloRetryRequest request flow (although
it could be adapted to HelloVerifyRequest with prior versions of DTLS).

The puzzles here are placeholders meant as a starting-point for discussion
(and also take in some feedback from discussions on this list last year)
and will likely evolve.


---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Thu, Jul 2, 2015 at 5:30 PM
Subject: New Version Notification for draft-nygren-tls-client-puzzles-00.txt
To: Erik Nygren <erik+ietf@nygren.org>

A new version of I-D, draft-nygren-tls-client-puzzles-00.txt
has been successfully submitted by Erik Nygren and posted to the
IETF repository.

Name:           draft-nygren-tls-client-puzzles
Revision:       00
Title:          TLS Client Puzzles Extension
Document date:  2015-07-02
Group:          Individual Submission
Pages:          12

   Client puzzles allow a TLS server to defend itself against asymmetric
   DDoS attacks.  In particular, it allows a server to request clients
   perform a selected amount of computation prior to the server
   performing expensive cryptographic operations.  This allows servers
   to employ a layered defense that represents an improvement over pure
   rate-limiting strategies.

   Client puzzles are implemented as an extension to TLS 1.3
   [I-D.ietf-tls-tls13] wherein a server can issue a HelloRetryRequest
   containing the puzzle as an extension.  The client must then resend
   its ClientHello with the puzzle results in the extension.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
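The HelloRetryRequest flow that the abstract describes, as an added example that is not part of the message above, of draft-nygren-tls-client-puzzles-00, or of any IETF code: the server puts a puzzle in an HRR extension, the client solves it and resends its ClientHello with the answer, and the server checks that answer with one HMAC and one SHA-256 before spending anything on key exchange. The puzzle type (a SHA-256 preimage search for a leading-zero-bit target), the extension layout (difficulty, issue time, nonce, MAC), the binding to the ClientHello random, the 30-second lifetime, and the client-side difficulty cap are all assumptions of this example, not definitions taken from the draft.

```python
"""Added example: a toy client-puzzle exchange over the TLS 1.3 HelloRetryRequest
flow.  Not code from the draft or the IETF; the puzzle type, extension layout
and limits below are assumptions made for illustration."""
import hashlib
import hmac
import os
import struct
import time

# Hypothetical HelloRetryRequest extension body:
#   difficulty(1) | issued(4, unix seconds) | nonce(16) | mac(16)
PUZZLE_LEN = 1 + 4 + 16 + 16


def leading_zero_bits(digest):
    """Leading zero bits of a digest; the puzzle target is 'at least N of them'."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def puzzle_hash(nonce, client_random, counter):
    """The function the client must find a preimage for (assumed construction)."""
    return hashlib.sha256(nonce + client_random + struct.pack(">Q", counter)).digest()


class PuzzleServer:
    """Stateless issuer and verifier: everything needed to check an answer travels
    inside the MAC'd puzzle, so the HRR round trip costs the server no state."""

    def __init__(self, key=None, difficulty=16, ttl_seconds=30):
        self.key = key if key is not None else os.urandom(32)  # assumed per-server secret
        self.difficulty = difficulty      # raise under load, lower when idle
        self.ttl = ttl_seconds            # bounds how long a solved puzzle stays usable

    def _mac(self, body, client_random):
        # Binding to the ClientHello random ties the puzzle to one handshake attempt;
        # in TLS 1.3 (RFC 8446) that random is unchanged in the ClientHello after an HRR.
        return hmac.new(self.key, body + client_random, hashlib.sha256).digest()[:16]

    def issue(self, client_random, now=None, nonce=None):
        """Build the HelloRetryRequest extension body."""
        issued = int(time.time()) if now is None else int(now)
        nonce = os.urandom(16) if nonce is None else nonce
        body = struct.pack(">BI", self.difficulty, issued) + nonce
        return body + self._mac(body, client_random)

    def verify(self, client_random, puzzle, counter, now=None):
        """Cheap check, one HMAC plus one SHA-256, run before any key-exchange work."""
        if len(puzzle) != PUZZLE_LEN:
            return False
        body, mac = puzzle[:21], puzzle[21:]
        if not hmac.compare_digest(mac, self._mac(body, client_random)):
            return False                  # forged, altered, or issued to another client
        difficulty, issued = struct.unpack(">BI", body[:5])
        current = int(time.time()) if now is None else int(now)
        if not issued <= current <= issued + self.ttl:
            return False                  # stale: solutions cannot be stockpiled in advance
        nonce = body[5:21]
        return leading_zero_bits(puzzle_hash(nonce, client_random, counter)) >= difficulty


def solve_puzzle(puzzle, client_random, max_difficulty=24):
    """Client side: brute-force a counter, about 2**difficulty hashes on average.
    The cap keeps a hostile or misconfigured server from turning the puzzle into
    a denial of service against the client (the cap value is an assumption)."""
    if len(puzzle) != PUZZLE_LEN:
        raise ValueError("malformed puzzle extension")
    difficulty = puzzle[0]
    if difficulty > max_difficulty:
        raise ValueError("refusing puzzle of difficulty %d" % difficulty)
    nonce = puzzle[5:21]
    counter = 0
    while leading_zero_bits(puzzle_hash(nonce, client_random, counter)) < difficulty:
        counter += 1
    return counter


def handshake_with_puzzle(server, client_random, now=None):
    """ClientHello -> HelloRetryRequest(puzzle) -> ClientHello(puzzle, answer) -> verify."""
    puzzle = server.issue(client_random, now=now)                  # server: sent in the HRR
    answer = solve_puzzle(puzzle, client_random)                   # client: does the work
    return server.verify(client_random, puzzle, answer, now=now)   # server: accept or drop


if __name__ == "__main__":
    srv = PuzzleServer(difficulty=16)
    print("handshake accepted:", handshake_with_puzzle(srv, os.urandom(32)))
```

The asymmetry the abstract is after shows up in the two cost lines: the client loops over roughly 2**difficulty hashes while the server does one HMAC and one hash, and the MAC lets the server stay stateless across the retry. The lifetime check matters because without it an attacker can solve puzzles at leisure and spend them in a burst, and the client-side cap matters because a puzzle of unbounded difficulty is itself a denial-of-service vector against the client.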