Yoav Nir <ynir.i...@gmail.com> wrote:
>>> Tero Kivinen <kivi...@iki.fi> wrote:
>>>>> Even without surpassing the 64KB limit, this must be a concern.
>>>>> IKEv2's cookie mechanism and puzzles try to increase the cost of the
>>>>> attacker per each connection. Now, an attacker must still accept
>>>>> these costs but can use one connection to trigger several key
>>>>> exchanges, all significantly larger than what we had with DH, making
>>>>> the trade-off way better for them compared to non-pqc IKEv2.
>>>
>>>> No it cannot. Attacker can use cookie only once, and will only get one
>>>> exchange created by each cookie exchange, thus it needs to do puzzles
>>>> and cookies again for every single attack packet it wants to send.
>>>
>>> I wonder if anyone has any stats on how often cookie challenge is used,
how
>>> often puzzles are invoked.
>>
>> I've implemented puzzles, but I'm not aware of any other implementation.
>>
>> What about cookies - in stress tests they are used very intensively.
>> But I don't have any real life stats for them.
>>
>> Regards,
>> Valery.
> I also implemented puzzles. So that makes two of us.
Did you ever interop?
What is your criteria for enabling them? Do you do this automatically, or is
it an operator configuation to demand them?
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
