On Thu, 2 Jun 2016, Valery Smyslov wrote:
An obvious defense, which is described in Section 4.2, is limiting
the number of half-open SAs opened by a single peer. However, since
all that is required is a single packet, an attacker can use multiple
spoofed source IP addresses.
I
A new meeting session request has just been submitted by David Waltermire, a
Chair of the ipsecme working group.
-
Working Group Name: IP Security Maintenance and Extensions
Area Name: Security Area
Session Requester: D. Waltermire
Numbe
Hi Paul,
thank you for the very thorough review (and especially - for the nits).
This is a partial review of draft-ietf-ipsecme-ddos-protection-06
up to Section 6. I hope to complete the rest in the next few days.
I think this document needs another revision before continuing.
(and I would pre