On Wed, 16 Mar 2016, Michael Richardson wrote:
> Tero Kivinen <[email protected]> wrote:
> > What we could say in the DDoS draft is to add saying that the IKEv1
> > protocol is obsoleted, and will be a common avenue for the DDoS attacks,
> > and because of that it MUST be disabled.
> > Or perhaps we need the IKEv1 considered harmful draft /
> > ikev1-diediediediedie...
>
> Yes, I would say so.
> I'd even suggest that maybe it needs a CVE against products that have IKEv1
> turned on by default.

No, because it is perfectly possible to implement IKEv1 without this
problem. Libreswan is moving towards that, see:
https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html

Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec