Hi Michael,

> Can we make the process more flexible?
> For example - the server may indicate two difficulty levels in puzzle
> request - the desired one and the acceptable one.
> For example, the desired level is 20 bits and the acceptable level is 16
> bits.

You are describing a situation where the server simply has multiple queues, I think. One for 20 bits, and probably one for each of 19, 18, 17, 16, and then one for all solutions <16, including not supporting puzzles at all.

Yes, but the queues are virtual, the server is still stateless.
The server just takes a decision on each request based on the
number of zero bits the client was able to get, the amount of time
it took the client, the number of puzzles the client has already
solved and the current server load.

If one further creates various queues based upon initiator IP, it seems like
one can rather effectively adjust to situations of attack or not.

Yes, but again, the queues are virtual. All this information
must be encoded in the cookie, so that the server remains stateless.

One concern: is the gateway, in selecting the complexity of the puzzle, giving
out information about its current state of health? (Do we care?)

Yes, it reveals some information. But do we care and can we
avoid this? Even the sole fact that the server asks for puzzles reveals
the information that it feels itself under attack.

Regards,
Valery.

Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
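
The stateless decision discussed above (two difficulty levels, issue time and solved-puzzle count carried in an authenticated cookie), as an added example that is not part of the original thread and is not the IKEv2 wire format. The cookie layout, the SHA-256 leading-zero puzzle, the thresholds in `decide` and all function names are assumptions.

```python
import hashlib, hmac, os, struct

SERVER_SECRET = os.urandom(32)  # assumption: per-server secret, rotated periodically
FMT = "!BBBI"  # desired bits, acceptable bits, puzzles solved, issue time (7 bytes)

def _tag(ip, body):
    return hmac.new(SERVER_SECRET, ip.encode() + body, hashlib.sha256).digest()[:16]

def make_cookie(ip, desired, acceptable, solved, now):
    """Pack the per-client puzzle state into a MAC'd cookie; the server stores nothing."""
    body = struct.pack(FMT, desired, acceptable, solved, int(now))
    return body + _tag(ip, body)

def zero_bits(cookie, solution):
    """Leading zero bits of SHA-256(cookie || solution) (toy puzzle, assumed)."""
    digest = int.from_bytes(hashlib.sha256(cookie + solution).digest(), "big")
    return 256 - digest.bit_length()

def solve(cookie, bits):
    """Client side: brute-force a solution with at least `bits` zero bits."""
    n = 0
    while zero_bits(cookie, n.to_bytes(8, "big")) < bits:
        n += 1
    return n.to_bytes(8, "big")

def decide(ip, cookie, solution, now, load, max_age=30):
    """Return 'accept', 'retry' (hand out another puzzle) or 'reject'."""
    size = struct.calcsize(FMT)
    body, tag = cookie[:size], cookie[size:]
    if not hmac.compare_digest(tag, _tag(ip, body)):
        return "reject"                  # forged cookie, or replayed from another IP
    desired, acceptable, solved, issued = struct.unpack(FMT, body)
    if not 0 <= now - issued <= max_age:
        return "reject"                  # client took too long, or cookie is stale
    bits = zero_bits(cookie, solution)
    if bits >= desired:
        return "accept"
    if bits < acceptable:
        return "reject"
    # Between acceptable and desired: the "virtual queue" choice. Assumed policy:
    # take partial work when load is low or the client has already solved puzzles.
    return "accept" if load < 0.5 or solved >= 2 else "retry"
```

On "retry" the server would issue a fresh cookie with `solved` incremented, so the client's accumulated work travels with the client rather than living in server memory.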
