> On 10 Nov 2021, at 16:41, Michael Richardson wrote:
>
>
> Yoav Nir wrote:
Tero Kivinen wrote:
>> Even without surpassing the 64KB limit, this must be a concern.
>> IKEv2's cookie mechanism and puzzles try to increase the cost of the
>> attacker per each connection. Now,
Hi Michael,
> >> I've implemented puzzles, but I'm not aware of any other
> implementation.
> >>
> >> What about cookies - in stress tests they are used very intensively.
> >> But I don't have any real life stats for them.
> >>
> >> Regards,
> >> Valery.
>
> > I
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : Definitions of Managed Objects for IP Traffic Flow Security
Authors : Don Fedyk
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : A YANG Data Model for IP Traffic Flow Security
Authors : Don Fedyk
On Thu, 11 Nov 2021, Tero Kivinen wrote:
My suggestion (as an individual not as a chair) is to add text to
security considerations section where we point out that
implementations should limit the number of IKE_INTERMEDIATE exchanges
they allow to something sensible, like 10 or so.
These are
Hi Tommy,
All good points. Thanks.
Please see inline.
Cheers,
Med
> -Original Message-
> From: IPsec On Behalf Of Tommy Pauly
> Sent: Thursday 11 November 2021 15:08
> To: Tero Kivinen ; ipsec@ietf.org
> Subject: Re: [IPsec] WG Adoption call for draft-btw-add-ipsecme-ike
>
> I
Valery Smyslov writes:
> So, the question to the WG is - what should we do with this:
>
> 1. Re-define calculation of IntAuth to make it constant in size.
> This will most probably require another WGLC and will break
> interoperability of existing products. The latter seems not so
>
I support adoption of this work. The mechanism of specifying the authentication
domain name and service parameters is sound, and the right direction.
I do agree with Paul Wouters’ comments, and I think the parts of the document
that deal with requirements for config requests need work. Ideally,
Hi Paul,
Please see inline.
Cheers,
Med
Orange Restricted
> -Original Message-
> From: Paul Wouters
> Sent: Wednesday 10 November 2021 23:24
> To: BOUCADAIR Mohamed INNOV/NET
> Cc: Paul Wouters ; ipsec@ietf.org; draft-btw-add-
> ipsecme-...@ietf.org; Tero Kivinen
> Subject: Re: