Re: [IPsec] iptfs publication request

2021-10-31 Thread Tero Kivinen
Christian Hopps writes:
> Will you be able to provide the text changes that would cover the
> issue you have? Would really like to get this submitted to IESG
> before another IETF cycle completes.
How about following: -- 2.5. Su

[IPsec] IPsecME WG agenda requests for IETF 112

2021-10-31 Thread Tero Kivinen
We will be meeting on Monday November 8th 12:00-14:00 UTC, so send me agenda requests as soon as possible so we get the agenda ready soon. -- kivi...@iki.fi

Re: [IPsec] Cost-efficient quantum-resistant DoS protection

2021-10-31 Thread Michael Richardson
Tero Kivinen wrote:
>> Even without surpassing the 64KB limit, this must be a concern.
>> IKEv2's cookie mechanism and puzzles try to increase the cost of the
>> attacker per each connection. Now, an attacker must still accept
>> these costs but can use one connection to trigger s

Re: [IPsec] iptfs publication request

2021-10-31 Thread Michael Richardson
Tero Kivinen wrote:
> Christian Hopps writes:
>> Will you be able to provide the text changes that would cover the
>> issue you have? Would really like to get this submitted to IESG
>> before another IETF cycle completes.
> How about following:
works for me.

Re: [IPsec] Cost-efficient quantum-resistant DoS protection

2021-10-31 Thread Graham Bartlett
Hi I'm not aware of any IKEv2 implementations that use puzzles. I probably see cookies enabled in maybe 5% to 10% of deployments. On Cisco, the cookie can be enabled if X number of 1/2 open sessions are seen, hence it might not be active unless there is either some anomaly in the network (GW rebo