[IPsec] Status of draft-ietf-ipsecme-ddos-protection
"Valery Smyslov" <svanru@gmail.com> Thu, 26 May 2016 13:12 UTC
Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 477FF12D5FF for <ipsec@ietfa.amsl.com>; Thu, 26 May 2016 06:12:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.165
X-Spam-Level: **
X-Spam-Status: No, score=2.165 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001, STOX_REPLY_TYPE=0.439, STOX_REPLY_TYPE_WITHOUT_QUOTES=1.757] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kZ_hrJuPJwhw for <ipsec@ietfa.amsl.com>; Thu, 26 May 2016 06:12:27 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1848112D658 for <ipsec@ietf.org>; Thu, 26 May 2016 06:12:24 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id k98so32375905lfi.1 for <ipsec@ietf.org>; Thu, 26 May 2016 06:12:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:to:subject:date:mime-version :content-transfer-encoding; bh=bdQgqj3E+X4EBc1iDHZLRQCCXqCP9rOz53gc9gC+1KY=; b=E8rbwamTqpA90mOSYSR3ZbdTI39mdQAvdIpxvO+jQDRBysAw99MEfXNia1YY2hQ9OI hHk2fsLHc/1pVCUwH2frntcazIx7LHzBq/o5YZ3n2SVGH1q2DF6MXWfrl+mHJLy4swly 1vKX4GMEMLGh3Ju05HNhPLgjgwAHFtXUkL19NEXvHfoGSJc06jTnJuOsXyWE0yJUMd9S i/l9jk+SBIm4rGQUFV/vK9YMiJkU+At8DRCUAkLJBv8e5RVIF4rN4yb4D9h9pOWtzL5X hOfR/tEfO/eL5abJfNa7aDyS8jg/e2Bb6oqg3/svUnYci/HWBZOnnAafLlceIFdMRu/I gqyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:from:to:subject:date:mime-version :content-transfer-encoding; bh=bdQgqj3E+X4EBc1iDHZLRQCCXqCP9rOz53gc9gC+1KY=; b=YLTu82iohMDDEP05zNwv/HOZ/Jy8u5EC3ee4dhcA46WVGfFaz5CranJYVWe9P1EDtg f9b1ETiAYXa70ohGlYxLXWmrqm7Rr+zveSHWg/cKlnNr8YTrbzoZvpVOlOwxp4qElouX TblKRhDDp0AtruRe9n59MWHz4pfSCGQwflgW6hbO9nzYh/rXDevd9mr+2QT6NAC3QxuF rB9ZkI4WSfPsIel/RreZeLeMmdREOmwhegJL0E+0gctc2RrEzQayXfdVfTJAHCwbt4XN twIOHjiV4yDrdD5ngC+z/bNof9M2slxQCAQdU4NEwwQ1KlibJb2/tnYMUhSgCNx7C/LC xA4w==
X-Gm-Message-State: ALyK8tKss8uWC5xIBZJf0vKWz0LpW0rNVeCO7PHYCd9EJvi7xVqUyfwhVf664JGriSmOrg==
X-Received: by 10.25.16.27 with SMTP id f27mr2762920lfi.114.1464268342247; Thu, 26 May 2016 06:12:22 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id h72sm59907ljh.38.2016.05.26.06.12.21 for <ipsec@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 May 2016 06:12:21 -0700 (PDT)
Message-ID: <860C938B60E24C76A1749A1563D53A55@buildpc>
From: Valery Smyslov <svanru@gmail.com>
To: ipsec@ietf.org
Date: Thu, 26 May 2016 16:12:19 +0300
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="koi8-r"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/YIRtTbom9g7aLykFEEBI7ZbODDU>
Subject: [IPsec] Status of draft-ietf-ipsecme-ddos-protection
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 13:12:28 -0000
Hi, in Buenos-Aires it was expressed a proposal to split the DDoS protection draft into two. One of them would describe possible kinds of (D)DoS attacks and would suggest some counter measures to thwart them without introducing anything new into the IKEv2 protocol. The other document (with Experimental status) would describe the puzzles and would define a new IKEv2 extension defending against (D)DoS attacks using puzzles. The main motivation for such a proposal was a concern that puzzles mechanism would not be as effective as it was initially intended to be, and might even make things worse for "small" devices. On the other hand, if we go this way and give the puzzles stuff an Experimantal status, then probably very few vendors (if any) will implement it and the real problem of defending against (D)DoS attacks will remain unaddressed. So, what folks think about this proposal? Regards, Valery & Yoav.
- [IPsec] Status of draft-ietf-ipsecme-ddos-protect… Valery Smyslov
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Yoav Nir
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Paul Wouters
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Valery Smyslov
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Yoav Nir
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Valery Smyslov
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Waltermire, David A. (Fed)
- Re: [IPsec] Status of draft-ietf-ipsecme-ddos-pro… Paul Wouters