On Thu, 11 Nov 2021, Tero Kivinen wrote:
My suggestion (as an individual not as a chair) is to add text to
security considerations section where we point out that
implementations should limit the number of IKE_INTERMEDIATE exchanges
they allow to something sensible, like 10 or so.
These are exchanges we are doing before authentication so limiting the
number of them is something we want to do anyways.
I agree.
Note, currently our implementation supports a maximum of 1 :)
Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
