
SOI QUESTION: 3.1 DoS protection




Notes from the chair:

This next set of questions addresses the issues listed in section 3 of the
soi-features I-D, "Protocol Mechanics".


Please discuss and answer:

3.1 DoS protection

3.1.A) WRT DoS attacks that exhaust memory or CPU resources, is it more 
important to always keep the message count at 4, or is it acceptable to add 
an additional roundtrip of messages when the responder thinks he's under 
attack?

3.1.B) WRT UDP fragmentation attack protection, both IKEv2 and JFK provide 
basically equivalent protection. Does anyone care about the details of how 
JFK or IKEv2 provide this functionality?

3.1.C) Is it important to have precomputation of exponentials available for 
use as a mechanism for protecting against CPU consumption attacks?

Implications from the scenarios:

[none]