Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
draft-ietf-ipsecme-ddos-protection-10
Technical Summary
This document is a standards track submission that recommends
implementation and configuration best practices for Internet Key
Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist
Denial of Service and Distributed Denial of Service attacks.
Additionally, the document introduces a new mechanism called "Client
Puzzles" that help accomplish this task.
Working Group Summary
The document was reviewed by several regular WG participants. Changes
suggested by the chairs and participants resulted in a good deal of
discussion and revisions to improve the document. The submitted draft
represents solid WG consensus.
Document Quality
No implementations are currently known, but multiple WG members have
expressed an interest in implementing the guidance in this document.
Personnel
Kathleen Moriarty is the responsible Area Director.
Dave Waltermire is the document shepherd.
IANA Note
This document adds a new entry to the 'IKEv2 Payload Types' registry.