On Fri, 15 Jan 2016, Valery Smyslov wrote:
> > What does IPsec community think of it? Should we fix the protocol
> > to thwart this attack completely? Is the recommendation to move the
> > COOKIE to the end of the message enough to achive that?
> > Will this change break many existing implementations?
We (libreswan) did a little hardening on the cookie that will verify
unexpected cookies anyway, contrary to current RFC:
https://securityblog.redhat.com/2016/01/13/the-sloth-attack-and-ikeipsec/
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
