Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: "IETF-Announce" <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, Kathleen.Moriarty.email@example.com, firstname.lastname@example.org, "David Waltermire" <email@example.com>, "The IESG" <firstname.lastname@example.org>, email@example.com Subject: Protocol Action: 'Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks' to Proposed Standard (draft-ietf-ipsecme-ddos-protection-10.txt) The IESG has approved the following document: - 'Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks' (draft-ietf-ipsecme-ddos-protection-10.txt) as Proposed Standard This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ddos-protection/
Technical Summary This document is a standards track submission that recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial of Service and Distributed Denial of Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that help accomplish this task. Working Group Summary The document was reviewed by several regular WG participants. Changes suggested by the chairs and participants resulted in a good deal of discussion and revisions to improve the document. The submitted draft represents solid WG consensus. Document Quality No implementations are currently known, but multiple WG members have expressed an interest in implementing the guidance in this document. Personnel Kathleen Moriarty is the responsible Area Director. Dave Waltermire is the document shepherd. IANA Note This document adds a new entry to the 'IKEv2 Payload Types' registry.