Re: Mitigating DDoS via Proof of Patience

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 28 Jun 2015 15:57:05 +0200
Message-ID: <CAKaEYh+gP-7qFa6-EgWfxVh9rqUuTjbz+pWg2XYfA7=C+aFwOQ@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>

On 28 June 2015 at 08:12, Manu Sporny <msporny@digitalbazaar.com> wrote:

> Keeping the Credentials CG in the loop...
> We're in the process of building out some of the Decentralized Hash
> Table functionality for the identifiers that we expect will be needed
> for credential portability. Part of this work requires that the
> decentralized identifiers should be protected from distributed denial of
> service attacks. We have created a new type of proof, called a "Proof of
> Patience", that helps mitigate against these sorts of attacks in a way
> that is more effective than proof of work.
> The technology has been written up in IETF RFC form and published here:
> https://tools.ietf.org/html/draft-sporny-http-proofs-01

Nice work!

Some comments:

1. Why another IANA registry rather than just use the web?

2. re: "How do you determine legitimate requests for a resource without
pre-registration?" -- surely a web of trust is the primary solution here?

3. I'm not sure I see the relation to DHT, and credential portability here
or how it fits into the bigger picture.  In my world credential portability
is achieved using # URIs.  Isn't this a much more complex way to solve the
problem that would take potentially many years to get adoption by clients?

> Abstract
>    For a client to access a particular resource on the Web, a server
>    must expend a certain amount of computational effort to respond to
>    the request.  In some cases this computational effort is sizeable and
>    the server may want to only respond to certain clients.  For example,
>    in a distributed denial-of-service attack, a server may require all
>    clients to expend a certain amount of resources via a client-run
>    proof-of-work algorithm to throttle the number of incoming requests
>    to a more manageable number.  This document details a new
>    authentication scheme for HTTP that may be used to request and
>    transmit proofs in HTTP headers.
> -- manu
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Web Payments: The Architect, the Sage, and the Moral Voice
> https://manu.sporny.org/2015/payments-collaboration/

Received on Sunday, 28 June 2015 13:57:34 UTC