Hi,
in Buenos Aires a proposal was expressed to split
the DDoS protection draft into two. One of them would
describe possible kinds of (D)DoS attacks and would
suggest some countermeasures to thwart them without
introducing anything new into the IKEv2 protocol.
The other document (with Experimental status) would
describe the puzzles and would define a new IKEv2
extension defending against (D)DoS attacks using puzzles.
The main motivation for such a proposal was a concern
that the puzzles mechanism would not be as effective as it was initially
intended to be, and might even make things worse for
"small" devices.
On the other hand, if we go this way and give the puzzles stuff
an Experimental status, then probably very few vendors (if any)
will implement it and the real problem of defending against
(D)DoS attacks will remain unaddressed.
So, what do folks think about this proposal?
Regards,
Valery & Yoav.
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec