RFC 8019

Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks, November 2016

Canonical URL:
https://www.rfc-editor.org/rfc/rfc8019.txt
File formats:
Plain TextPDF
Status:
PROPOSED STANDARD
Authors:
Y. Nir
V. Smyslov
Stream:
IETF
Source:
ipsecme (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8019

Discuss this RFC: Send questions or comments to ipsec@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial-of-Service and Distributed Denial-of-Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that helps accomplish this task.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader