[IPsec] Protocol Action: 'Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks' to Proposed Standard (draft-ietf-ipsecme-ddos-protection-10.txt)
The IESG <iesg-secretary@ietf.org> Thu, 06 October 2016 21:49 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 81FAD1297BE; Thu, 6 Oct 2016 14:49:18 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147579055851.23797.1876225249656053845.idtracker@ietfa.amsl.com>
Date: Thu, 06 Oct 2016 14:49:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/EbvtdgLgD2IdJCGAOqWvdZVtofI>
Cc: ipsecme-chairs@ietf.org, draft-ietf-ipsecme-ddos-protection@ietf.org, ipsec@ietf.org, Kathleen.Moriarty.ietf@gmail.com, The IESG <iesg@ietf.org>, rfc-editor@rfc-editor.org, David Waltermire <david.waltermire@nist.gov>
Subject: [IPsec] Protocol Action: 'Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks' to Proposed Standard (draft-ietf-ipsecme-ddos-protection-10.txt)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 21:49:18 -0000
The IESG has approved the following document: - 'Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks' (draft-ietf-ipsecme-ddos-protection-10.txt) as Proposed Standard This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ddos-protection/ Technical Summary This document is a standards track submission that recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial of Service and Distributed Denial of Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that help accomplish this task. Working Group Summary The document was reviewed by several regular WG participants. Changes suggested by the chairs and participants resulted in a good deal of discussion and revisions to improve the document. The submitted draft represents solid WG consensus. Document Quality No implementations are currently known, but multiple WG members have expressed an interest in implementing the guidance in this document. Personnel Kathleen Moriarty is the responsible Area Director. Dave Waltermire is the document shepherd. IANA Note This document adds a new entry to the 'IKEv2 Payload Types' registry.