16 Jan 2014, 3:49 p.m.
On Thu, 16 Jan 2014 13:35:00 -0600, Jimmy Hess said:
Then the client's UDP stack must construct and send a Hashcash proof of work, of sufficient difficulty based on the estimated query plus response size, up to the first full round trip; containing a message digest of the first UDP packet the client will send, before sending the packet, or it will be silently discarded.
An out-of-band reply will come back to the claimed source, that the client source IP:Port has to acknowledge within 5 packets. Once the out-of-band reply is acknowledged, the source is confirmed not to be spoofed.
How is this any better than a TCP 3-packet handshake with syncookies?
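
The comparison raised in the reply, as an added example that is not part of the original thread: a syncookie-style stateless return-routability check for a UDP service, where the server keeps no per-client state and sends a large answer only after the claimed source has echoed a cookie. The HMAC construction, function names, slot length, secret and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real server uses a random, rotated key
SLOT_SECONDS = 64                    # assumed granularity of cookie lifetime
COOKIE_LEN = 8


def _mac(src_ip, src_port, slot):
    # Bind the cookie to the claimed source address, port and a coarse time slot.
    msg = src_ip.encode() + struct.pack("!Hq", src_port, slot)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def issue_cookie(src_ip, src_port, now):
    """Challenge sent to the claimed source; nothing is stored server-side."""
    return _mac(src_ip, src_port, int(now) // SLOT_SECONDS)


def verify_cookie(src_ip, src_port, cookie, now):
    """Accept a cookie minted in the current or the previous time slot."""
    slot = int(now) // SLOT_SECONDS
    return any(
        hmac.compare_digest(cookie, _mac(src_ip, src_port, s))
        for s in (slot, slot - 1)
    )


def handle_datagram(src_ip, src_port, payload, now):
    """Return (kind, reply). Unverified sources only ever receive an 8-byte challenge."""
    cookie, query = payload[:COOKIE_LEN], payload[COOKIE_LEN:]
    if len(payload) >= COOKIE_LEN and verify_cookie(src_ip, src_port, cookie, now):
        # Stand-in for a large response; sent only after the round trip succeeded.
        return "answer", b"RESPONSE:" + query
    return "challenge", issue_cookie(src_ip, src_port, now)
```

A sender that forges the source address never receives the challenge, which goes to the claimed source, so it cannot produce a cookie that verifies for that address and port.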