Protecting Internet Key Exchange Protocol Version 2 Implementations from Distributed Denial-of-Service Attacks
RFC 8019, “Protecting Internet Key Exchange Protocol Version 2 Implementations from Distributed Denial-of-Service Attacks”, is a Proposed Standard document published in November 2016 by Y. Nir and V. Smyslov. The canonical text is published by the RFC Editor.
Abstract
This document recommends implementation and configuration best practices for Internet Key Exchange Protocol version 2 (IKEv2) Responders, to allow them to resist Denial-of-Service and Distributed Denial-of-Service attacks. Additionally, the document introduces a new mechanism called "Client Puzzles" that helps accomplish this task.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8019 is hosted at rfc-editor.org and is available in TXT and HTML.
- RFC 8020 NXDOMAIN: There Really Is Nothing Underneath
- RFC 8017 PKCS #1: RSA Cryptography Specifications Version 2.2
- RFC 8016 Mobility with Traversal Using Relays around NAT
- RFC 8022 A YANG Data Model for Routing Management
- RFC 8015 RTP Control Protocol Extended Report Block for Independent Reporting of Burst/Gap Discard Metrics
- RFC 8023 Report from the Workshop and Prize on Root Causes and Mitigation of Name Collisions
- RFC 8014 An Architecture for Data-Center Network Virtualization over Layer 3
- RFC 8024 Multi-Chassis Passive Optical Network Protection in MPLS