[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SOI QUESTION: 3.1 DoS protection
Notes from the chair:
This next set of questions address the issues listed in section 3 of the
soi-features I-D, "Protocol Mechanics".
Please discuss and answer:
3.1 DoS protection
3.1.A) WRT DOS attacks that exhaust memory or CPU resources, is it more
important to always keep the message count at 4, or is it acceptable to add
an additional roundtrip of messages when the responder thinks he's under
attack?
3.1.B) WRT UDP fragmentation attack protection, both IKEv2 and JFK provide
basically equivalent protection. Does anyone care about the details of how
JFK or IKEv2 provide this functionality.
3.1.C) Is it important to have precomputation of exponentials available for
use as a mechanism for protecting against cpu consumption attacks?
Implications from the scenarios:
[none]