| < draft-ietf-ipsecme-ddos-protection-07.txt | draft-ietf-ipsecme-ddos-protection-08.txt > | |||
|---|---|---|---|---|
| IPSecME Working Group Y. Nir | IPSecME Working Group Y. Nir | |||
| Internet-Draft Check Point | Internet-Draft Check Point | |||
| Intended status: Standards Track V. Smyslov | Intended status: Standards Track V. Smyslov | |||
| Expires: January 2, 2017 ELVIS-PLUS | Expires: February 18, 2017 ELVIS-PLUS | |||
| July 1, 2016 | August 17, 2016 | |||
| Protecting Internet Key Exchange Protocol version 2 (IKEv2) | Protecting Internet Key Exchange Protocol version 2 (IKEv2) | |||
| Implementations from Distributed Denial of Service Attacks | Implementations from Distributed Denial of Service Attacks | |||
| draft-ietf-ipsecme-ddos-protection-07 | draft-ietf-ipsecme-ddos-protection-08 | |||
| Abstract | Abstract | |||
| This document recommends implementation and configuration best | This document recommends implementation and configuration best | |||
| practices for Internet Key Exchange Protocol version 2 (IKEv2) | practices for Internet Key Exchange Protocol version 2 (IKEv2) | |||
| Responders, to allow them to resist Denial of Service and Distributed | Responders, to allow them to resist Denial of Service and Distributed | |||
| Denial of Service attacks. Additionally, the document introduces a | Denial of Service attacks. Additionally, the document introduces a | |||
| new mechanism called "Client Puzzles" that help accomplish this task. | new mechanism called "Client Puzzles" that help accomplish this task. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 2, 2017. | This Internet-Draft will expire on February 18, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 28, line 29 ¶ | skipping to change at page 28, line 29 ¶ | |||
| 13. References | 13. References | |||
| 13.1. Normative References | 13.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5723] Sheffer, Y. and H. Tschofenig, "Internet Key Exchange | ||||
| Protocol Version 2 (IKEv2) Session Resumption", RFC 5723, | ||||
| DOI 10.17487/RFC5723, January 2010, | ||||
| <http://www.rfc-editor.org/info/rfc5723>. | ||||
| [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. | |||
| Kivinen, "Internet Key Exchange Protocol Version 2 | Kivinen, "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October | |||
| 2014, <http://www.rfc-editor.org/info/rfc7296>. | 2014, <http://www.rfc-editor.org/info/rfc7296>. | |||
| [RFC7383] Smyslov, V., "Internet Key Exchange Protocol Version 2 | [RFC7383] Smyslov, V., "Internet Key Exchange Protocol Version 2 | |||
| (IKEv2) Message Fragmentation", RFC 7383, | (IKEv2) Message Fragmentation", RFC 7383, | |||
| DOI 10.17487/RFC7383, November 2014, | DOI 10.17487/RFC7383, November 2014, | |||
| <http://www.rfc-editor.org/info/rfc7383>. | <http://www.rfc-editor.org/info/rfc7383>. | |||
| [IKEV2-IANA] | [IKEV2-IANA] | |||
| "Internet Key Exchange Version 2 (IKEv2) Parameters", | "Internet Key Exchange Version 2 (IKEv2) Parameters", | |||
| <http://www.iana.org/assignments/ikev2-parameters>. | <http://www.iana.org/assignments/ikev2-parameters>. | |||
| 13.2. Informative References | 13.2. Informative References | |||
| [bitcoins] | [bitcoins] | |||
| Nakamoto, S., "Bitcoin: A Peer-to-Peer Electronic Cash | Nakamoto, S., "Bitcoin: A Peer-to-Peer Electronic Cash | |||
| System", October 2008, <https://bitcoin.org/bitcoin.pdf>. | System", October 2008, <https://bitcoin.org/bitcoin.pdf>. | |||
| [RFC5723] Sheffer, Y. and H. Tschofenig, "Internet Key Exchange | ||||
| Protocol Version 2 (IKEv2) Session Resumption", RFC 5723, | ||||
| DOI 10.17487/RFC5723, January 2010, | ||||
| <http://www.rfc-editor.org/info/rfc5723>. | ||||
| [RFC7619] Smyslov, V. and P. Wouters, "The NULL Authentication | [RFC7619] Smyslov, V. and P. Wouters, "The NULL Authentication | |||
| Method in the Internet Key Exchange Protocol Version 2 | Method in the Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", RFC 7619, DOI 10.17487/RFC7619, August 2015, | (IKEv2)", RFC 7619, DOI 10.17487/RFC7619, August 2015, | |||
| <http://www.rfc-editor.org/info/rfc7619>. | <http://www.rfc-editor.org/info/rfc7619>. | |||
| [RFC7696] Housley, R., "Guidelines for Cryptographic Algorithm | [RFC7696] Housley, R., "Guidelines for Cryptographic Algorithm | |||
| Agility and Selecting Mandatory-to-Implement Algorithms", | Agility and Selecting Mandatory-to-Implement Algorithms", | |||
| BCP 201, RFC 7696, DOI 10.17487/RFC7696, November 2015, | BCP 201, RFC 7696, DOI 10.17487/RFC7696, November 2015, | |||
| <http://www.rfc-editor.org/info/rfc7696>. | <http://www.rfc-editor.org/info/rfc7696>. | |||
| End of changes. 5 change blocks. | ||||
| 9 lines changed or deleted | 9 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||