by dogma1138 3523 days ago
Not necessarily. DoS is all about asymmetry: if it's 1:1 then yeah, but if this only requires a handful of packets to cause the same resource exhaustion as 1000s or 10000s of normal SSL sessions, then this is an issue.

You can't bring a site down from your phone normally; if there is a CPU-eating bug, on the other hand, you can.

1 comments

Right, of course. I just don't see any reason that there would be an especially high "multiplier" on this vulnerability. A spurious SSL warning doesn't require the server to do anything particularly expensive; it just requires it to look at the ID, realize it's something weird that it doesn't recognize, and move on.