Hi, this version introduces a domain separation for new authentication logic. It also has some text about using PPK as a possible counter measure against downgrade attacks.
Please consider this version when responding to adoption call. Regards, Valery (for the authors). > Internet-Draft draft-smyslov-ipsecme-ikev2-downgrade-prevention-02.txt is now > available. It is a work item of the IP Security Maintenance and Extensions > (IPSECME) WG of the IETF. > > Title: Prevention Downgrade Attacks on the Internet Key Exchange Protocol > Version 2 (IKEv2) > Authors: Valery Smyslov > Christopher Patton > Name: draft-smyslov-ipsecme-ikev2-downgrade-prevention-02.txt > Pages: 9 > Dates: 2025-08-28 > > Abstract: > > This document describes an extension to the Internet Key Exchange > protocol version 2 (IKEv2) that aims to prevent some kinds of > downgrade attacks on this protocol by having the peers confirm they > have participated in the same conversation. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-downgrade-prevention/ > > There is also an HTMLized version available at: > https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-downgrade- > prevention-02 > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-smyslov-ipsecme-ikev2-downgrade- > prevention-02 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > IPsec mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
