Hi Dharmanandana,
I don't think that the attack, described in the section 2.4 of RFC 7296
is related to NULL authentication. This attack implies that attackers
send IKE_SA_INIT response containing garbage in the KE Payload
and that they never compute SKEYSEED and the other keys, so that
they canno
Hi,
As per statement under section 2.4 in RFC 7296,
To prevent DoS attack on the initiator, "the initiator MAY be willing to accept
multiple responses to its first message,
treat each response as potentially legitimate, respond to each one, and then
discard all the invalid half-open connect