Hi Michael,

> Tero Kivinen <kivi...@iki.fi> wrote:
> >> Even without surpassing the 64KB limit, this must be a concern.
> >> IKEv2's cookie mechanism and puzzles try to increase the cost of the
> >> attacker per each connection. Now, an attacker must still accept
> >> these costs but can use one connection to trigger several key
> >> exchanges, all significantly larger than what we had with DH, making
> >> the trade-off way better for them compared to non-pqc IKEv2.
> >
> > No it cannot. Attacker can use cookie only once, and will only get one
> > exchange created by each cookie exchange, thus it needs to do puzzles
> > and cookies again for every single attack packet it wants to send.
>
> I wonder if anyone has any stats on how often cookie challenge is used, how
> often puzzles are invoked.

I've implemented puzzles, but I'm not aware of any other implementation.

What about cookies - in stress tests they are used very intensively. But I don't have any real life stats for them.

Regards,
Valery.

> > So I do not think DoS attack properties of the IKEv2 is at all
> > modified with addition to the multiple ke, or beyond 64k limit drafts.
>
> I agree.
>
> IKEv2 is not SSLv3.
>
> --
> Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
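The cookie argument in the thread above (one cookie round trip buys the attacker exactly one half-open SA, and the extra key exchanges of the multiple-KE draft ride on that same SA) can be made concrete with a small model. The Python below is an added illustration written for this thread, not code from any IKEv2 implementation or from the people quoted. It follows the RFC 7296 section 2.6 cookie construction (Cookie = VersionIDofSecret | Hash(Ni | IPi | SPIi | secret)) but everything else is simplified and assumed: the `Responder` class, the message tags such as `"N(COOKIE)"`, the `half_open` table keyed by SPIi, and the `ke_computations` counter stand in for real DH/KEM work. Puzzles (RFC 8019) and secret rotation are left out; the nonce, address and SPI values are constructed in `simulate()`.

```python
"""Toy model of the IKEv2 stateless cookie (RFC 7296, section 2.6) and of
why replaying one cookie yields one half-open SA.  Added example for this
thread; not taken from any IKEv2 implementation.  All names are assumed."""
import hashlib
import hmac
import os

COOKIE_SECRET_VERSION = b"\x01"  # <VersionIDofSecret> in RFC 7296 notation


class Responder:
    """Minimal responder that keeps per-SA state only, never per-cookie state."""

    def __init__(self, challenge_cookies: bool = True):
        self.secret = os.urandom(32)            # real systems rotate this regularly
        self.challenge_cookies = challenge_cookies
        self.half_open = {}                     # SPIi -> SA record (the only state kept)
        self.ke_computations = 0                # simulated key-exchange work done

    def cookie(self, ni: bytes, ipi: bytes, spii: bytes) -> bytes:
        # RFC 7296: Cookie = <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>)
        digest = hashlib.sha256(ni + ipi + spii + self.secret).digest()
        return COOKIE_SECRET_VERSION + digest

    def ike_sa_init(self, ni: bytes, ipi: bytes, spii: bytes, cookie: bytes = None):
        if self.challenge_cookies:
            expected = self.cookie(ni, ipi, spii)
            if cookie is None or not hmac.compare_digest(cookie, expected):
                # Stateless reply: no memory allocated, no key exchange performed.
                return ("N(COOKIE)", expected)
        if spii in self.half_open:
            # Same (Ni, IPi, SPIi) again is a retransmission: no second SA.
            return ("RETRANSMIT", spii)
        self.half_open[spii] = {"ni": ni, "ipi": ipi, "ke_done": 1}
        self.ke_computations += 1              # the KE carried in IKE_SA_INIT
        return ("IKE_SA_INIT_RESP", spii)

    def ike_intermediate(self, spii: bytes):
        """Additional key exchange (multiple-KE style) bound to an existing SA."""
        sa = self.half_open.get(spii)
        if sa is None:
            return ("DROP", spii)              # unknown SA: no state, no work
        sa["ke_done"] += 1
        self.ke_computations += 1
        return ("IKE_INTERMEDIATE_RESP", spii)


def simulate(replays: int = 100, extra_kes: int = 3) -> dict:
    """Run the attacker scenarios from the thread and report what the responder kept."""
    r = Responder()
    # Constructed sample values: 32-byte nonce, IPv4 address 192.0.2.1, 8-byte SPIi.
    ni, ipi, spii = os.urandom(32), b"\xc0\x00\x02\x01", os.urandom(8)

    # 1. Flood IKE_SA_INIT without cookies: only stateless replies, no SAs.
    for _ in range(replays):
        assert r.ike_sa_init(ni, ipi, spii)[0] == "N(COOKIE)"
    sas_after_flood = len(r.half_open)

    # 2. Pay for the cookie round trip once, then replay the same packet.
    _, cookie = r.ike_sa_init(ni, ipi, spii)
    results = [r.ike_sa_init(ni, ipi, spii, cookie)[0] for _ in range(replays)]
    sas_after_replay = len(r.half_open)

    # 3. The cookie is bound to (Ni, IPi, SPIi): a fresh SPIi needs a fresh cookie.
    rebound = r.ike_sa_init(ni, ipi, os.urandom(8), cookie)[0]

    # 4. Extra key exchanges run on the one SA the cookie bought; no new SA appears.
    for _ in range(extra_kes):
        r.ike_intermediate(spii)

    return {
        "sas_after_flood": sas_after_flood,
        "first_accept": results[0],
        "sas_after_replay": sas_after_replay,
        "new_spi_with_old_cookie": rebound,
        "sas_total": len(r.half_open),
        "kes_on_sa": r.half_open[spii]["ke_done"],
        "ke_computations": r.ke_computations,
    }


if __name__ == "__main__":
    print(simulate())
```

What the model shows is the state side of the argument: the responder never remembers cookies, so a replayed cookie is indistinguishable from a retransmission and cannot multiply half-open SAs, and a cookie issued for one SPIi is rejected for another. The `ke_computations` counter also records that each additional exchange on that SA does cost the responder another key-exchange operation, which is the cost both sides of the thread are weighing against the per-SA cookie (and, where implemented, puzzle) price the initiator has to pay.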