--- 1/draft-ietf-ipsecme-ddos-protection-07.txt 2016-08-17 14:15:54.461841121 -0700 +++ 2/draft-ietf-ipsecme-ddos-protection-08.txt 2016-08-17 14:15:54.525842730 -0700 @@ -1,20 +1,20 @@ IPSecME Working Group Y. Nir Internet-Draft Check Point Intended status: Standards Track V. Smyslov -Expires: January 2, 2017 ELVIS-PLUS - July 1, 2016 +Expires: February 18, 2017 ELVIS-PLUS + August 17, 2016 Protecting Internet Key Exchange Protocol version 2 (IKEv2) Implementations from Distributed Denial of Service Attacks - draft-ietf-ipsecme-ddos-protection-07 + draft-ietf-ipsecme-ddos-protection-08 Abstract This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial of Service and Distributed Denial of Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that help accomplish this task. Status of This Memo @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on January 2, 2017. + This Internet-Draft will expire on February 18, 2017. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -1301,45 +1301,45 @@ 13. References 13.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . + [RFC5723] Sheffer, Y. and H. Tschofenig, "Internet Key Exchange + Protocol Version 2 (IKEv2) Session Resumption", RFC 5723, + DOI 10.17487/RFC5723, January 2010, + . + [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October 2014, . [RFC7383] Smyslov, V., "Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation", RFC 7383, DOI 10.17487/RFC7383, November 2014, . [IKEV2-IANA] "Internet Key Exchange Version 2 (IKEv2) Parameters", . 13.2. Informative References [bitcoins] Nakamoto, S., "Bitcoin: A Peer-to-Peer Electronic Cash System", October 2008, . - [RFC5723] Sheffer, Y. and H. Tschofenig, "Internet Key Exchange - Protocol Version 2 (IKEv2) Session Resumption", RFC 5723, - DOI 10.17487/RFC5723, January 2010, - . - [RFC7619] Smyslov, V. and P. Wouters, "The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 7619, DOI 10.17487/RFC7619, August 2015, . [RFC7696] Housley, R., "Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms", BCP 201, RFC 7696, DOI 10.17487/RFC7696, November 2015, .