Greetings. At the meeting in Prague, there was discussion of the
IPsec-related YANG documents (draft-tran-ipecme-yang-ipsec,
draft-wang-ipsecme-ipsec-yang, and draft-wang-ipsecme-ike-yang). Given
the low level of understanding of YANG, it would be great if the authors
of the three documents cou
Hi Dharmanandana,
I don't think that the attack, described in the section 2.4 of RFC 7296
is related to NULL authentication. This attack implies that attackers
send IKE_SA_INIT response containing garbage in the KE Payload
and that they never compute SKEYSEED and the other keys, so that
they canno
Hi,
As per statement under section 2.4 in RFC 7296,
To prevent DoS attack on the initiator, "the initiator MAY be willing to accept
multiple responses to its first message,
treat each response as potentially legitimate, respond to each one, and then
discard all the invalid half-open connect