Re: Mitigating DDoS via Proof of Patience from David Nicol on 2015-07-04 (public-webpayments@w3.org from July 2015)

From: David Nicol <davidnicol@gmail.com>
Date: Sat, 4 Jul 2015 00:21:37 -0500
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments <public-webpayments@w3.org>
Message-ID: <CAFwScO-6KdMWptCvOUGCE7M2PRLeifk_Wkm5sc=pb42_uw5Y2A@mail.gmail.com>

based on the name alone -- "proof of patience" -- I'm imagining something
similar to the spam prevention technique of "greylisting" which is nicely
described at https://en.wikipedia.org/wiki/Greylisting



On Sun, Jun 28, 2015 at 1:14 AM, Manu Sporny <msporny@digitalbazaar.com>
wrote:

> Keeping the Web Payments CG in the loop...
>
> We're in the process of building out some of the Decentralized Hash
> Table functionality for the identifiers that we expect will be needed
> for credential portability (which are necessary for Web Payments Know
> Your Customer and Anti-Money Laundering requirements).
>
> Part of this work requires that the decentralized identifiers should be
> protected from distributed denial of service attacks. We have created a
> new type of proof, called a "Proof of Patience", that helps mitigate
> against these sorts of attacks in a way that is more effective than
> proof of work.
>
> The technology has been written up in IETF RFC form and published here:
>
> https://tools.ietf.org/html/draft-sporny-http-proofs-01
>
> Abstract
>
>    For a client to access a particular resource on the Web, a server
>    must expend a certain amount of computational effort to respond to
>    the request.  In some cases this computational effort is sizeable and
>    the server may want to only respond to certain clients.  For example,
>    in a distributed denial-of-service attack, a server may require all
>    clients to expend a certain amount of resources via a client-run
>    proof-of-work algorithm to throttle the number of incoming requests
>    to a more manageable number.  This document details a new
>    authentication scheme for HTTP that may be used to request and
>    transmit proofs in HTTP headers.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Web Payments: The Architect, the Sage, and the Moral Voice
> https://manu.sporny.org/2015/payments-collaboration/
>
>
>


-- 
Automated spelling checkers inhibit natural orthographic drift

Received on Saturday, 4 July 2015 05:22:07 UTC