Hi, I'm not aware of any IKEv2 implementations that use puzzles.

I probably see cookies enabled in maybe 5% to 10% of deployments. On Cisco, the cookie can be enabled if X number of 1/2 open sessions are seen, hence it might not be active unless there is either some anomaly in the network (GW reboot and all clients connecting at the same time) or a DoS attack (never seen in real life).

cheers

On Sun, Oct 31, 2021 at 7:05 PM Michael Richardson <mcr+i...@sandelman.ca> wrote:
>
> Tero Kivinen <kivi...@iki.fi> wrote:
>     >> Even without surpassing the 64KB limit, this must be a concern.
>     >> IKEv2's cookie mechanism and puzzles try to increase the cost of the
>     >> attacker per each connection. Now, an attacker must still accept
>     >> these costs but can use one connection to trigger several key
>     >> exchanges, all significantly larger than what we had with DH, making
>     >> the trade-off way better for them compared to non-pqc IKEv2.
>
>     > No it cannot. Attacker can use cookie only once, and will only get one
>     > exchange created by each cookie exchange, thus it needs to do puzzles
>     > and cookies again for every single attack packet it wants to send.
>
> I wonder if anyone has any stats on how often cookie challenge is used, how
> often puzzles are invoked.
>
>     > So I do not think DoS attack properties of the IKEv2 is at all
>     > modified with addition to the multiple ke, or beyond 64k limit drafts.
>
> I agree.
>
> IKEv2 is not SSLv3.
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
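As an added illustration of the responder-side cookie logic the thread is arguing about (this is not code from any of the posters, from Cisco, or from any IKEv2 implementation): a toy responder that only starts challenging once a constructed half-open-SA threshold is reached, and that binds each cookie to the initiator's address, SPIi and nonce in the shape RFC 7296 section 2.6 suggests, so that one valid cookie buys exactly one half-open SA. The threshold, secret, addresses and SPIs are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed value: the responder starts issuing cookie challenges once this
# many half-open IKE SAs exist (the "X half-open sessions" knob from the thread).
HALF_OPEN_THRESHOLD = 3


@dataclass
class Responder:
    secret: bytes = field(default_factory=lambda: os.urandom(32))
    secret_version: int = 0          # real responders rotate <secret> and bump this
    half_open: dict = field(default_factory=dict)   # SPIi -> Ni, stand-in for SA state

    def make_cookie(self, ip: str, spi_i: bytes, ni: bytes) -> bytes:
        # Shape suggested in RFC 7296 sec. 2.6: <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>)
        mac = hmac.new(self.secret, ni + ip.encode() + spi_i, hashlib.sha256).digest()
        return bytes([self.secret_version]) + mac

    def handle_init(self, ip, spi_i, ni, cookie=None):
        """Process an IKE_SA_INIT request; returns (action, cookie_or_None)."""
        if spi_i in self.half_open:           # retransmission: no new state
            return ("RETRANSMIT", None)
        if len(self.half_open) >= HALF_OPEN_THRESHOLD:
            expected = self.make_cookie(ip, spi_i, ni)
            if cookie is None:
                return ("COOKIE", expected)   # stateless challenge, nothing stored
            if not hmac.compare_digest(cookie, expected):
                return ("DROP", None)         # wrong, or bound to another SPIi/Ni
        self.half_open[spi_i] = ni            # one valid cookie -> one half-open SA
        return ("ACCEPT", None)


def flood_demo() -> dict:
    """Constructed scenario: three peers fill the threshold, then one more must solve the cookie."""
    r = Responder(secret=b"constructed-demo-secret")
    for i in range(HALF_OPEN_THRESHOLD):
        r.handle_init("192.0.2.%d" % (10 + i), bytes([i]) * 8, os.urandom(32))
    spi, ni = b"\x42" * 8, os.urandom(32)
    challenge, cookie = r.handle_init("198.51.100.7", spi, ni)
    accepted = r.handle_init("198.51.100.7", spi, ni, cookie)[0]
    reused = r.handle_init("198.51.100.7", b"\x43" * 8, os.urandom(32), cookie)[0]
    replayed = r.handle_init("198.51.100.7", spi, ni, cookie)[0]
    return {"challenge": challenge, "accepted": accepted, "reused": reused,
            "replayed": replayed, "half_open": len(r.half_open)}
```

The "reused" case is the point Tero makes above: presenting the same cookie with a fresh SPIi fails verification, so every additional exchange costs the initiator another round trip.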