RFC 8019
Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks, November 2016
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8019
Discuss this RFC: Send questions or comments to the mailing list ipsec@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8019
Abstract
This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial-of-Service and Distributed Denial-of-Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that helps accomplish this task.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.