by keeperofdakeys 3872 days ago
Where is "somewhere"? The kernel only has a finite amount of memory. It's still a denial of service, whether it occurs in the kernel or in a user-space program. The point is that in order to service legitimate clients, the initial request must be buffered somewhere.

For the 1rtt case, the request isn't sent till the TLS connection has been established. The attackers would have to keep track of these TLS connections, so this doesn't seem like a DoS vector.

For 0rtt the attackers might not need to keep track of state, allowing them to simply send TLS 1.3 requests, and overload the server's memory. My question is whether this is a legitimate concern.
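An added example, not part of keeperofdakeys's comment or of any real TLS implementation: a toy Python model of the two cases the comment contrasts. In the 1-RTT case the request only arrives after the attacker has completed the handshake, so a stateless flood pins handshake slots but never a request. In the 0-RTT case the request rides in the first flight, so it can be buffered before the attacker has done any work; the model shows how a server bounds that with a per-ticket cap (standing in for the max_early_data_size a TLS 1.3 server advertises in its session ticket), a global early-data budget, and the protocol's option to reject early data so the client resends after the handshake. Early data also requires a PSK from an earlier session, which an attacker can obtain once and replay, so the PSK check alone is not a defence. Every limit, name and scenario here (MAX_EARLY_DATA_PER_CONN, EARLY_DATA_BUDGET, PENDING_SLOTS, Server, the 40-connection flood) is an assumption chosen for illustration.

```python
# Toy model (added example, not from the thread): how a TLS 1.3 server bounds
# the memory a stateless 0-RTT flood costs it. All limits are assumed values.
from dataclasses import dataclass, field

MAX_EARLY_DATA_PER_CONN = 16 * 1024   # per-ticket cap, like max_early_data_size (value assumed)
EARLY_DATA_BUDGET = 256 * 1024        # global cap on buffered early data (assumed)
PENDING_SLOTS = 64                    # cap on half-open TLS handshakes (assumed)


@dataclass
class Server:
    valid_psks: set
    buffered: int = 0                              # bytes of early data currently held
    pending: dict = field(default_factory=dict)    # conn_id -> early data held for it
    served: list = field(default_factory=list)
    early_rejected: int = 0
    hellos_dropped: int = 0

    def client_hello(self, conn_id, psk=None, early_data=b""):
        """First client flight. Early data is buffered only if the PSK is known
        and both caps allow it; otherwise it is discarded and the client must
        resend after the handshake (TLS 1.3 early-data rejection)."""
        if len(self.pending) >= PENDING_SLOTS:
            self.hellos_dropped += 1
            return "dropped"
        accepted = b""
        if early_data:
            if (psk in self.valid_psks
                    and len(early_data) <= MAX_EARLY_DATA_PER_CONN
                    and self.buffered + len(early_data) <= EARLY_DATA_BUDGET):
                accepted = early_data
                self.buffered += len(early_data)
            else:
                self.early_rejected += 1
        self.pending[conn_id] = accepted
        if early_data:
            return "early_accepted" if accepted else "early_rejected"
        return "pending"

    def client_finished(self, conn_id, request=b""):
        """Second client flight: handshake complete. Buffered early data is
        served now; a 1-RTT client, or one whose early data was rejected,
        supplies its request only at this point."""
        early = self.pending.pop(conn_id)
        self.buffered -= len(early)
        req = early or request
        if req:
            self.served.append((conn_id, req))
        return req

    def expire(self, conn_id):
        """Handshake timeout: free the slot and any early data it pinned."""
        early = self.pending.pop(conn_id, b"")
        self.buffered -= len(early)


def one_rtt_flood(n):
    """Stateless attacker sends n ClientHellos without early data and never
    finishes. Slots fill up, but no request is ever buffered or served."""
    srv = Server(valid_psks=set())
    for i in range(n):
        srv.client_hello(f"atk{i}")
    return {"pending": len(srv.pending), "dropped": srv.hellos_dropped,
            "buffered": srv.buffered, "served": len(srv.served)}


def zero_rtt_flood():
    """Attacker replays one legitimately obtained ticket with a full 16 KiB of
    early data on 40 connections and never sends its second flight."""
    psk = "ticket-from-earlier-session"   # constructed
    srv = Server(valid_psks={psk})
    results = [srv.client_hello(f"atk{i}", psk, b"A" * MAX_EARLY_DATA_PER_CONN)
               for i in range(40)]
    peak = srv.buffered                  # never exceeds EARLY_DATA_BUDGET
    # A legitimate resuming client arrives while the budget is exhausted: its
    # early data is rejected, so it resends the request after the handshake.
    req = b"GET / HTTP/1.1\r\n"          # constructed
    first = srv.client_hello("legit", psk, req)
    served = srv.client_finished("legit", request=req)
    for i in range(40):                  # attacker handshakes time out
        srv.expire(f"atk{i}")
    return {"results": results, "peak": peak, "first": first, "served": served,
            "after_expire": srv.buffered, "early_rejected": srv.early_rejected}


if __name__ == "__main__":
    print(one_rtt_flood(100))
    print(zero_rtt_flood())
```

The caveat the model makes visible: without the per-ticket and global caps, and without being willing to reject early data, the server's 0-RTT buffering grows with the number of first flights the attacker can send, which is exactly the concern raised above. With them, the attacker's footprint is bounded to the same order as the handshake-state limit, and legitimate resuming clients degrade to 1-RTT rather than being refused.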