A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Protecting Internet Key Exchange (IKE) Implementations from Denial of Service Attacks through Client Puzzles
Author : Yoav Nir
Filename : draft-nir-ipsecme-puzzles-00.txt
Pages : 7
Date : 2014-04-30
Abstract:
This document describes an enhancement to the Stateless Cookie
mechanism described in RFC 5996. Whereas the original mechanism
prevents denial-of-service (DoS) attacks that use multiple spoofed
source addresses, the mechanism here is effective against a
distributed denial of service attack (DDoS), where the attackers use
their own source address. This is accomplished by requiring proof of
work by the Initiator before allocating resources at the Responder.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-nir-ipsecme-puzzles/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-nir-ipsecme-puzzles-00
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
