Yaron Sheffer writes: > This is a call for adopting draft-nir-ipsecme-puzzles-00 as a WG > document. Please respond to this mail with a Yes or No and a short > rationale, at latest by Friday Sep. 26.
I think this problem is something we should consider, i.e start working on the solution to it. I have not yet seen any attacks, but if we get widespread IKEv2 uses in the future, I would expect all kind of DoS attacks are going to spread, and it would be good idea if we already have mechanism for protecting against them. We had good discussion about this last time, and I think this item requires bit more research to find out what would be the best way to do this, especially if we think about those adaptive formats we discussed in the meeting (i.e. where server can ask some work, and client can do as much work as he can afford, and server then decides whether that was enough or not). For IPv6 we might need to think bit more, as there we cannot blacklist known attackers that easily, so we might need to do something else there. So I think this is item we should work on, but I think there is quite a lot of research and work in here to get something that would be good way to solve this, and as we are not in hurry (meaning we are not seeing such attacks now), we can use some time to get really good solution out. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
