Bora Akyol wrote:
> Joe
>
> What is the difference between AnonIKE and having the same
> pre-shared key (as in preshared_key ="anonIKE") in all of the points of
> interest?

That's something we're looking into. Far as I can tell right now, using unauthenticated certificates (i.e., where the CA isn't checked) is equivalent to a longer nonce. There may be some value to using a longer nonce - I don't know enough about the Diffie-Hellman exchange to determine that. Otherwise, though, they should be equivalent.

> I think this would get you the same effect. I also fail to see what is
> so scary about adding the ACK response to RST to TCP as described in the
> tcpm draft that came out. Your argument in the draft does not
> actually show a fundamental problem with this approach.

The draft is not intended to go into that level of detail, but to refer to discussions on the TCPM mailing list, which will hopefully go into an update of the RST-modification draft.

One concern is a RST ACK storm. A RST is intended to be a unilateral connection abort; replying to that sort of thing, depending on the state of the source, can cause oscillation.

> Finally, as is widely discussed, IKEv1 is not the most robust protocol
> as far as responsiveness to DOS attacks. By requiring these nodes to do
> IKE, I think we would be opening ourselves up for more problems.
>
> Regards,
>
> Bora

I don't appreciate enough of the details between IKEv1 and IKEv2 to understand whether that would solve the problem. I would presume that IKE would be rate-limited, i.e., the same way SYN processing is for TCP, to protect new association requests from assaulting existing associations. Is that the issue with DOS for IKEv1, or is there something more specific?

Joe