Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-31 Thread Paul Wouters
On Tue, 31 May 2016, Waltermire, David A. (Fed) wrote: From what I am reading, there isn't an interest in splitting puzzles out as experimental. If you feel strongly that puzzles should be split out into a separate experimental draft, please speak up. If we don't hear anything by Monday,

Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-31 Thread Waltermire, David A. (Fed)
6 2:05 AM > To: Yoav Nir <ynir.i...@gmail.com> > Cc: ipsec@ietf.org; p...@nohats.ca > Subject: Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection > > >> The concern is not about stand-alone puzzles document. It is about an > >> Experimental s

Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-31 Thread Valery Smyslov
The concern is not about stand-alone puzzles document. It is about an Experimental status of that document versus Standards Track in the current draft. Vendors tend to ignore Experimental RFCs. The conventional wisdom is that vendors tend to ignore whatever status the IETF assigns to

Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-30 Thread Yoav Nir
> On 31 May 2016, at 8:01 AM, Valery Smyslov wrote: > > Hi Paul, > >>> On the other hand, if we go this way and give the puzzles stuff an >>> Experimental status, then probably very few vendors (if any) will implement >>> it and the real problem of defending against >>>

Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-30 Thread Valery Smyslov
Hi Paul, On the other hand, if we go this way and give the puzzles stuff an Experimental status, then probably very few vendors (if any) will implement it and the real problem of defending against (D)DoS attacks will remain unaddressed. I don't think the puzzles implementation adoption will

Re: [IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-30 Thread Paul Wouters
On Thu, 26 May 2016, Valery Smyslov wrote: On the other hand, if we go this way and give the puzzles stuff an Experimental status, then probably very few vendors (if any) will implement it and the real problem of defending against (D)DoS attacks will remain unaddressed. I don't think the

[IPsec] Status of draft-ietf-ipsecme-ddos-protection

2016-05-26 Thread Valery Smyslov
Hi, in Buenos Aires a proposal was expressed to split the DDoS protection draft into two. One of them would describe possible kinds of (D)DoS attacks and would suggest some countermeasures to thwart them without introducing anything new into the IKEv2 protocol. The other document (with