Opened 8 years ago

Closed 7 years ago

#222 closed defect (fixed)

Are IKE SAs with NULL-Auth in-scope?

Reported by: ynir.ietf@… Owned by: draft-ietf-ipsecme-ddos-protection@…
Priority: normal Milestone:
Component: ddos-protection Severity: -
Keywords: Cc:


Raised by MCR at the meeting

With NULL-Auth anyone can generate a perfectly valid IKE SA. Is protecting against this in scope for this document or for the NULL-Auth document.

Change History (1)

comment:1 Changed 7 years ago by ynir.ietf@…

  • Resolution set to fixed
  • Status changed from new to closed

The WG consensus is that NULL-Auth IKE SAs *are* in scope. Furthermore, this leads to the possibility of a non-authenticated (or null-authenticated) peer conduction DoS attacks *within* the IKE SA.

Note: See TracTickets for help on using tickets.