Client must provide a proof-of-work. There is no standard for that, so the only ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ximm 7 months ago \| parent \| context \| favorite \| on: Anubis saved our websites from a DDoS attack Client must provide a proof-of-work. There is no standard for that, so the only way is to implement the client-side code in javascript. It would be great if there was a standard for that so that all kinds of clients knew how to provide a proof of work, e.g. like this: `WWW-Authenticate: Proof-Of-Work difficulty=5 challenge=XYZ Authorization: Proof-Of-Work abc` Where sha256(abcXYZ) would have to start with at least 5 zeros.

some_furry 7 months ago [–]

Write an RFC draft, toss it at the IETF.

Seriously.

dfawcus 7 months ago | [–]

Then have the server error response vend the Anubis JS as a fallback?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact