With my hat off, I like the idea of reorganizing the puzzle-oriented content in
the draft to after the current section 4-6 content. IMHO, I think this could
improve the flow and organization of the document.
Dave
> -Original Message-
> From: tpa...@apple.com [mailto:tpa...@apple.com]
>
> On 4 Mar 2016, at 5:29 PM, Paul Wouters wrote:
>
>> On Tue, Mar 1, 2016 at 9:03 PM, Waltermire, David A. (Fed)
>> wrote:
>> All:
>>
>> With the draft-ietf-ipsecme-ddos-protection-04 freshly minted, I
>> believe the draft is shaping up
> On 6 Mar 2016, at 5:28 PM, Graham Bartlett (grbartle)
> wrote:
>
> Hi
>
> The only case I could imagine that this could occur is if the Initiator's
> Nonce and KE were purposely made very small and the Initiator did not
> perform any validation on this, sending its own
Hi
The only case I could imagine that this could occur is if the Initiator's
Nonce and KE were purposely made very small and the Initiator did not
perform any validation on this, sending its own reply where the KE and
Nonce were considerably larger.
I've seen an amplification attack, where an
Hi Scott,
please see inline.
ppk_indicator = PRF(PRF(ppk, "A"), ppk_indicator_input)
This proposal has the following advantages.
1. Reusing existing IKEv2 registry
2. Better interoperability, since the PRF transform is mandatory in the SA
payload
in IKEv2 and the responder can always