A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions of the
IETF.
Title : Protecting Internet Key Exchange Protocol version 2
(IKEv2) Implementations from Distributed Denial of S
Assume a responder which currently *implements* IKEv1 and IKEv2.
Consider the cases:
A) it has a global policy set to reject all IKEv1 connections.
B) it has a global policy set to reject all IKEv2 connections.
C) a specific policy (for a specific peer, identified by IP address) has a
policy t
> On Apr 15, 2016, at 3:24 PM, Michael Richardson wrote:
>
> ...
> I think that there is a significant tension between providing some useful
> diagnostics to the other end vs telling too much about our policy.
One approach would be: say nothing meaningful in the reply, but log information
loca
On Fri, 15 Apr 2016, Michael Richardson wrote:
A1) Upon receipt of an IKEv1 message, such a peer should reply with an
IKEv1 format notify INVALID-MAJOR-VERSION. Seems perverse to use IKEv1
to say, "I do not speak IKEv1"
{"En puhuto sumalainen"}
A2) Upon receipt of an IKEv1 message,
Hi,
the new version of the draft addresses comments received during WGLC.
Those who commented (Paul, Graham, Michael and others), please verify
that your concerns are resolved.
Regards,
Yoav and Valery.
-Original Message-
From: internet-dra...@ietf.org
Date: 15 апреля 2016 г. 22:23
To