Tero Kivinen <kivi...@iki.fi> wrote:
>> Even without surpassing the 64KB limit, this must be a concern.
>> IKEv2's cookie mechanism and puzzles try to increase the cost of the
>> attacker per each connection. Now, an attacker must still accept
>> these costs but can use one connection to trigger several key
>> exchanges, all significantly larger than what we had with DH, making
>> the trade-off way better for them compared to non-pqc IKEv2.
> No it cannot. Attacker can use cookie only once, and will only get one
> exchange created by each cookie exchange, thus it needs to do puzzles
> and cookies again for every single attack packet it wants to send.
I wonder if anyone has any stats on how often cookie challenge is used, how
often puzzles are invoked.
> So I do not think DoS attack properties of the IKEv2 is at all
> modified with addition to the multiple ke, or beyond 64k limit drafts.
I agree.
IKEv2 is not SSLv3.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
