[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 & DoS protection

To: ekr@rtfm.com, andrew.krywaniuk@alcatel.com
Subject: Re: IKEv2 & DoS protection
From: Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>
Date: Thu, 6 Dec 2001 12:55:47 -0500 (EST)
Cc: ipsec@lists.tislabs.com
Reply-To: Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>
Sender: owner-ipsec@lists.tislabs.com

Actually, it's easy to have IKEv2 have a stateless cookie in a 4 message
exchange. Dan and Charlie and I argued about it. The way to
do a 4 message exchange is to have Alice repeat her info from
message 1 in message 3. We mentioned this in our paper, and I
believe Ran's proposal also did that. I was actually arguing for
that, but the arguments against it were:

a) with DDOS, the cookie doesn't help much, so it would be a rare
case where it mattered
b) assuming the most common

Prev by Date: Re: Please save the pre-shared key mode
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: IKEv2 & DoS protection
Next by thread: Re: Comments on IKEv2
Index(es):
- Main
- Thread