Cryptographic Proofs for HTTP Messages

Cryptographic Proofs for HTTP Messages, a thought experiment.

For a client to access a particular resource on the Web, a server must
expend a certain amount of computational effort to respond to the
request. In some cases this computational effort is large and the server
may want to only respond to certain clients.

For example, in a distributed denial-of-service attack scenario, a
server may require all clients to expend a certain amount of resources
via a client-run proof-of-work algorithm to throttle the number of
incoming requests to a more manageable number. This document details a
few HTTP Headers that may be used to request and transmit cryptographic
mathematical proofs in HTTP headers.

Proofs of work might be interesting for HTTP, specifically when you
have a public resource where you don't want to authenticate users, but
you do want to be able to throttle requests. For example, proxies, URL
redirection services, and CDNs could benefit from these sorts of
services to mitigate distributed denial-of-service attacks.

Systems where all clients slam a particular endpoint, like
high-frequency trading systems, could use such a mechanism to
purposefully slow incoming requests. Block-chain-like systems could use
this mechanism as a native way to access shared databases (like a
decentralized ledger). There may be more uses, but those are the ones
that inspired this specification.

This is just a thought exercise, playing around with merging some
blockchain technology into HTTP requests. The document is very rough; I
just put it together in an hour without thinking about it too deeply.
I'm not suggesting we pick up this work in this group; it's very
experimental and I'm not yet convinced it's a good idea. I'm throwing it
out to the Internet in the hopes that others will have some thoughts on it.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments

Received on Wednesday, 27 August 2014 03:58:24 UTC
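
The challenge-and-proof exchange the message describes, as an added example that is not part of the original message or the draft it refers to: a hashcash-style scheme where the proof is a nonce giving a SHA-256 digest with enough leading zero bits. The challenge format, function names, key and in-memory replay set are assumptions made for illustration; the message names no header fields, so none are shown.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # per-deployment secret (constructed for the example)
_spent = set()                # tags of proofs already accepted; blocks replay

def _tag(client_id, body):
    msg = f"{client_id}|{body}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(client_id, difficulty, now=None, ttl=60):
    """Server: stateless challenge bound to a client, a difficulty and an expiry."""
    now = time.time() if now is None else now
    body = f"{difficulty}:{int(now + ttl)}:{os.urandom(8).hex()}"
    return f"{body}:{_tag(client_id, body)}"

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(challenge, nonce):
    return leading_zero_bits(hashlib.sha256(f"{challenge}:{nonce}".encode()).digest())

def solve(challenge):
    """Client: brute-force a nonce; expected cost is about 2**difficulty hashes."""
    difficulty = int(challenge.split(":")[0])
    nonce = 0
    while _work(challenge, nonce) < difficulty:
        nonce += 1
    return nonce

def verify(client_id, challenge, nonce, min_difficulty, now=None):
    """Server: one HMAC and one hash, however much work the client spent."""
    now = time.time() if now is None else now
    try:
        difficulty, expires, salt, tag = challenge.split(":")
        body = f"{difficulty}:{expires}:{salt}"
        difficulty, expires = int(difficulty), int(expires)
    except ValueError:
        return False                      # malformed challenge
    if not hmac.compare_digest(_tag(client_id, body).encode(), tag.encode()):
        return False                      # forged, altered, or issued to another client
    if difficulty < min_difficulty or expires < now or tag in _spent:
        return False                      # too easy, expired, or replayed
    if _work(challenge, nonce) < difficulty:
        return False                      # nonce does not meet the target
    _spent.add(tag)
    return True
```

Entries in the replay set can be discarded once their challenge has expired, so the server's memory cost is bounded by the number of proofs accepted within one `ttl` window.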