[IPsec] draft-ietf-ipsecme-ipsecha-protocol-02.txt

2010-11-10 Thread Tero Kivinen
I haven't had time to read the draft-ietf-ipsecme-ipsecha-protocol-02 completely yet, but while looking at the slides in the WG meeting, I noticed one serious problem. The IKEV2_MESSAGE_ID_SYNC and IPSEC_REPLAY_COUNTER_SYNC messages do not follow Notification payload syntax. For the IKEV2_MESSAGE
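The objection above is that the two sync messages are not laid out as IKEv2 Notification payloads. As an added illustration (not code from the thread or from the draft), the block below encodes and parses the standard Notify payload layout from RFC 5996 section 3.10: a 4-octet generic payload header (Next Payload, Critical bit plus reserved bits, Payload Length) followed by Protocol ID, SPI Size, Notify Message Type, an optional SPI and the notification data. The message-type numbers are the ones RFC 6311 later assigned; the draft under discussion predates that assignment, so treat them as an assumption. The 12-octet sync body is a constructed sample and its field layout is an assumption as well, since the draft's exact body format is not shown on this page.

```python
import struct

# Generic payload header (RFC 5996 s.3.2) plus the fixed part of the Notify
# payload (s.3.10): Next Payload, C|RESERVED, Length, Protocol ID, SPI Size, Type.
NOTIFY_HDR = struct.Struct("!BBHBBH")
CRITICAL_BIT = 0x80

# Notify message types for the two sync messages. Values are the ones later
# assigned in RFC 6311; assumed here, the draft in the thread predates them.
IKEV2_MESSAGE_ID_SYNC = 16422
IPSEC_REPLAY_COUNTER_SYNC = 16423

# Constructed sample body (assumed layout): 4-octet nonce, then the expected
# send and receive request Message IDs, 4 octets each.
SAMPLE_SYNC_BODY = struct.pack("!4sII", b"\x11\x22\x33\x44", 16, 15)


def encode_notify(next_payload, msg_type, data, protocol_id=0, spi=b"", critical=False):
    """Build one Notify payload; a status notification (Protocol ID 0) has no SPI."""
    if len(spi) > 255:
        raise ValueError("SPI Size is a single octet")
    if protocol_id == 0 and spi:
        raise ValueError("Protocol ID 0 means no SPI is present")
    length = NOTIFY_HDR.size + len(spi) + len(data)
    if length > 0xFFFF:
        raise ValueError("Payload Length is 16 bits")
    flags = CRITICAL_BIT if critical else 0
    return NOTIFY_HDR.pack(next_payload, flags, length, protocol_id, len(spi), msg_type) + spi + data


def decode_notify(buf):
    """Parse one Notify payload from the front of buf; return (fields, remaining bytes)."""
    if len(buf) < NOTIFY_HDR.size:
        raise ValueError("truncated Notify header")
    next_payload, flags, length, protocol_id, spi_size, msg_type = NOTIFY_HDR.unpack_from(buf)
    if flags & ~CRITICAL_BIT:
        raise ValueError("reserved bits in the generic header must be zero")
    if length < NOTIFY_HDR.size + spi_size or length > len(buf):
        raise ValueError("Payload Length inconsistent with SPI Size or buffer")
    if protocol_id == 0 and spi_size != 0:
        raise ValueError("Protocol ID 0 must carry SPI Size 0")
    spi_start = NOTIFY_HDR.size
    data_start = spi_start + spi_size
    fields = {
        "next_payload": next_payload,
        "critical": bool(flags & CRITICAL_BIT),
        "protocol_id": protocol_id,
        "msg_type": msg_type,
        "spi": buf[spi_start:data_start],
        "data": buf[data_start:length],
    }
    return fields, buf[length:]


def is_well_formed_notify(buf):
    """True if buf starts with a Notify payload that passes the syntax checks above."""
    try:
        decode_notify(buf)
        return True
    except ValueError:
        return False


def sync_roundtrip():
    """Wrap the sample sync body in a Notify payload and parse it back."""
    wire = encode_notify(0, IKEV2_MESSAGE_ID_SYNC, SAMPLE_SYNC_BODY)
    fields, rest = decode_notify(wire)
    return wire, fields, rest


if __name__ == "__main__":
    wire, fields, _ = sync_roundtrip()
    print(wire.hex(), fields["msg_type"], fields["data"].hex())
    # A bare sync body without the Notify header is not a Notification payload.
    print(is_well_formed_notify(SAMPLE_SYNC_BODY))
```

The point of the last check is the one raised in the message: a receiver that walks the payload chain by Next Payload and Payload Length cannot skip an unknown or unsupported payload unless it carries the generic header, so a sync message that omits it breaks normal IKEv2 payload processing.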

[IPsec] Comments about draft-ietf-ipsecme-failure-detection

2010-11-10 Thread Tero Kivinen
I did review the draft-ietf-ipsecme-failure-detection before the WG meeting and some of the comments I have here already have tickets so no need to add them second time: -- Comments to draft-ietf-ipsecme-failure-detection: Sectio

[IPsec] New item for draft-ietf-ipsecme-failure-detection-02.xt

2010-11-10 Thread Tero Kivinen
I started to think whether there are other possible attacks against QCD and found one which might be possible if implementations do not take care of it. The IKE SPIs are allocated during the IKE_SA_INIT. The IKEv2 SA is really created during the IKE_AUTH. This means there is a possibility that some