[IPsec] Last Call: <draft-ietf-ipsecme-ddos-protection-09.txt> (Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Wed, 14 September 2016 19:08 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BB7E12B463; Wed, 14 Sep 2016 12:08:18 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.33.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <147388009800.19813.4336871193397025274.idtracker@ietfa.amsl.com>
Date: Wed, 14 Sep 2016 12:08:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/snb2PM7uc0mrsYaTL9R01VA_Vq0>
Cc: ipsec@ietf.org, ipsecme-chairs@ietf.org, draft-ietf-ipsecme-ddos-protection@ietf.org, Kathleen.Moriarty.ietf@gmail.com, David Waltermire <david.waltermire@nist.gov>
Subject: [IPsec] Last Call: <draft-ietf-ipsecme-ddos-protection-09.txt> (Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks) to Proposed Standard
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: ietf@ietf.org
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2016 19:08:18 -0000
The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - 'Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks' <draft-ietf-ipsecme-ddos-protection-09.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-09-28. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial of Service and Distributed Denial of Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that help accomplish this task. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ddos-protection/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ddos-protection/ballot/ No IPR declarations have been submitted directly on this I-D.