Tero Kivinen <[email protected]> wrote:
    >> Even without surpassing the 64KB limit, this must be a concern.
    >> IKEv2's cookie mechanism and puzzles try to increase the cost of the
    >> attacker per connection. Now, an attacker must still accept
    >> these costs but can use one connection to trigger several key
    >> exchanges, all significantly larger than what we had with DH, making
    >> the trade-off way better for them compared to non-PQC IKEv2.
    > No, it cannot. The attacker can use a cookie only once, and will only get one
    > exchange created by each cookie exchange, thus it needs to do puzzles
    > and cookies again for every single attack packet it wants to send.
I wonder if anyone has any stats on how often cookie challenge is used, how
often puzzles are invoked.
    > So I do not think the DoS attack properties of IKEv2 are at all
    > modified by the addition of the multiple KE or beyond-64k-limit drafts.
I agree.
IKEv2 is not SSLv3.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
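The claim under discussion, that a cookie buys the attacker exactly one key exchange, follows from two pieces of RFC 7296 behaviour: the stateless cookie is bound to the initiator's Ni, source address and SPIi (section 2.6), and a repeated IKE_SA_INIT for an SPIi the responder has already answered is treated as a retransmission and gets the cached response rather than a fresh key exchange (section 2.1). The following Python model is an added example, not code from this thread or from any IKEv2 implementation. The `Responder` class, the `ke_computations` counter and the constructed addresses and nonces are illustrative assumptions; the key-exchange payload is a stand-in hash, and RFC 8019 puzzles are not modelled.

```python
import hashlib
import hmac
import os

# Constructed model of the IKEv2 stateless cookie (RFC 7296, section 2.6):
#   Cookie = <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>)
# The responder keeps no per-initiator state until a valid cookie comes back.
# Class name, counters and the KE stand-in are assumptions made for this example.


class Responder:
    def __init__(self, under_attack: bool):
        self.secret_version = 1
        self.secrets = {1: os.urandom(32)}   # rotate by adding a new version
        self.under_attack = under_attack
        self.half_open = {}        # SPIi -> cached IKE_SA_INIT response
        self.ke_computations = 0   # expensive (e.g. PQC) key exchanges performed

    def make_cookie(self, ni: bytes, ipi: bytes, spii: bytes) -> bytes:
        secret = self.secrets[self.secret_version]
        mac = hmac.new(secret, ni + ipi + spii, hashlib.sha256).digest()
        return bytes([self.secret_version]) + mac

    def cookie_valid(self, cookie: bytes, ni: bytes, ipi: bytes, spii: bytes) -> bool:
        if len(cookie) != 33:
            return False
        secret = self.secrets.get(cookie[0])
        if secret is None:          # unknown or expired secret version
            return False
        expected = hmac.new(secret, ni + ipi + spii, hashlib.sha256).digest()
        return hmac.compare_digest(cookie[1:], expected)

    def handle_ike_sa_init(self, ni: bytes, ipi: bytes, spii: bytes, cookie=None):
        """Return ("COOKIE", cookie), ("RETRANSMIT", resp) or ("KE", resp)."""
        # A repeated request for an SPIi already answered is a retransmission:
        # replay the cached response, do not run the key exchange again.
        if spii in self.half_open:
            return ("RETRANSMIT", self.half_open[spii])
        if self.under_attack:
            if cookie is None or not self.cookie_valid(cookie, ni, ipi, spii):
                return ("COOKIE", self.make_cookie(ni, ipi, spii))
        # Valid cookie (or no attack in progress): pay for one KE for this SPIi.
        self.ke_computations += 1
        resp = hashlib.sha256(b"KEr|" + spii + ni).digest()  # stand-in for KEr payload
        self.half_open[spii] = resp
        return ("KE", resp)


def attacker_scenario():
    """One cookie round trip, then a replay and a re-use under a different SPIi.

    Returns (key exchanges performed, outcome of replay, outcome of re-use)."""
    r = Responder(under_attack=True)
    ipi = bytes([192, 0, 2, 1])        # constructed initiator address
    spii, ni = os.urandom(8), os.urandom(32)

    kind, cookie = r.handle_ike_sa_init(ni, ipi, spii)
    assert kind == "COOKIE"            # first request is answered statelessly
    kind, _ = r.handle_ike_sa_init(ni, ipi, spii, cookie)
    assert kind == "KE"                # the one key exchange this cookie buys

    replay = r.handle_ike_sa_init(ni, ipi, spii, cookie)            # same SPIi
    reuse = r.handle_ike_sa_init(ni, ipi, os.urandom(8), cookie)    # new SPIi
    return r.ke_computations, replay[0], reuse[0]


if __name__ == "__main__":
    print(attacker_scenario())
```

Replaying the cookie with the same SPIi only gets the cached response back, and presenting it with a fresh SPIi fails the HMAC check and earns a new cookie challenge, so the responder performs exactly one key exchange per cookie it validates. A real implementation would also compare the retransmitted request's contents and age out half-open SAs, which this model omits.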
