[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Choosing between IKEv2 and JFK




The reason the IP was not included in the cookie computation is,   
quite simply, because I forgot to do that right after the meeting.
You may recall that I agreed with Dan during my presentation, when
he raised the point.

I'll just point out that this doesn't affect the security of the
protocol --- one could even view this as an implementation-specific
choice.
-Angelos

PS. There's an architectural-uncleanness argument one could make against
including network-layer identifiers in a higher-layer protocol; but I think
that in the realm of DDoS protection, one has to resort to measures like
this.