UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8019

Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 November 2016
Status: active
Page Count: 32
scope:

This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial-of-Service and Distributed Denial-of-Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that helps accomplish this task.

Document History

IETF RFC 8019
November 1, 2016
Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial-of-Service and Distributed...

References

This document references:
IETF RFC 5723 - Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
Published by IETF on January 1, 2010
The Internet Key Exchange version 2 (IKEv2) protocol has a certain computational and communication overhead with respect to the number of round trips required and the cryptographic operations...
This document references:
IETF RFC 7383 - Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
Published by IETF on November 1, 2014
This document describes a way to avoid IP fragmentation of large Internet Key Exchange Protocol version 2 (IKEv2) messages. This allows IKEv2 messages to traverse network devices that do not allow IP...
This document references:
IETF RFC 7619 - The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
Published by IETF on August 1, 2015
This document specifies the NULL Authentication method and the ID_NULL Identification Payload ID Type for Internet Key Exchange Protocol version 2 (IKEv2). This allows two IKE peers to establish...
This document is referenced by:
IETF RFC 8784 - Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security
Published by IETF on June 1, 2020
Abstract The possibility of quantum computers poses a serious challenge to cryptographic algorithms deployed widely today. The Internet Key Exchange Protocol Version 2 (IKEv2) is one example of a...
This document is referenced by:
RFC 9242 - Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2)
Published by IETF on May 1, 2022
Abstract This document defines a new exchange, called "Intermediate Exchange", for the Internet Key Exchange Protocol Version 2 (IKEv2). This exchange can be used for transferring large amounts of...
This document is referenced by:
RFC 9329 - TCP Encapsulation of Internet Key Exchange Protocol (IKE) and IPsec Packets
Published by IETF on November 1, 2022
This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP....
This document is referenced by:
RFC 9370 - Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)
Published by IETF on May 1, 2023
This document describes how to extend the Internet Key Exchange Protocol Version 2 (IKEv2) to allow multiple key exchanges to take place while computing a shared secret during a Security Association...
View Less
View All
Advertisement