Re: [IPsec] WGLC on draft-ietf-ipsecme-ddos-protection-04

2016-03-06 Thread Waltermire, David A. (Fed)
With my hat off, I like the idea of reorganizing the puzzle oriented content in the draft to after the current section 4-6 content. IMHO, I think this could improve the flow and organization of the document.
Dave
> -Original Message-
> From: tpa...@apple.com [mailto:tpa...@apple.com]
>

Re: [IPsec] WGLC on draft-ietf-ipsecme-ddos-protection-04

2016-03-06 Thread Yoav Nir
> On 4 Mar 2016, at 5:29 PM, Paul Wouters wrote:
>
>> On Tue, Mar 1, 2016 at 9:03 PM, Waltermire, David A. (Fed) wrote:
>> All:
>>
>> With the draft-ietf-ipsecme-ddos-protection-04 freshly minted, I
>> believe the draft is shaping up

Re: [IPsec] WGLC on draft-ietf-ipsecme-ddos-protection-04

2016-03-06 Thread Yoav Nir
> On 6 Mar 2016, at 5:28 PM, Graham Bartlett (grbartle) wrote:
>
> Hi
>
> The only case I could imagine that this could occur is if the Initiator's
> Nonce and KE were purposely made very small and the Initiator did not
> perform any validation on this, sending its own

Re: [IPsec] WGLC on draft-ietf-ipsecme-ddos-protection-04

2016-03-06 Thread Graham Bartlett (grbartle)
Hi
The only case I could imagine that this could occur is if the Initiator's Nonce and KE were purposely made very small and the Initiator did not perform any validation on this, sending its own reply where the KE and Nonce were considerably larger. I've seen an amplification attack, where an

Re: [IPsec] draft-fluhrer-qr-ikev2-01

2016-03-06 Thread Valery Smyslov
Hi Scott, please see inline.
ppk_indicator = PRF(PRF(ppk, "A"), ppk_indicator_input)
This proposal has the following advantages.
1. Reusing existing IKEv2 registry
2. Better interoperability, since the PRF transform is mandatory in the SA payload in IKEv2 and the responder can always