[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
new I-D
I've just submitted a new I-D about the "transient pseudo-NAT" attack
which was discovered for mobility signaling but applies to IKE with
a "NAT traversal" facility. My plan is to revise my IPsec vs. Mobile IPv6
I-D and to add a section about IKEv2 with:
- an optional protection for transport headers (i.e., real source
and destination addresses)
- a discussion about to use or not addresses in identities
(cf. the "addresses and IKEv2" thread)
- a generalized cookie request mechanism (return routability check)
- etc.
Francis.Dupont@enst-bretagne.fr