IPsec sequence number integrity check value
draft-song-ipsecme-seq-icv-01
| Document | Type | Expired Internet-Draft (individual); Expired & archived |
|---|---|---|
| | Authors | Jifei Song, Tina Tsou (Ting ZOU), Vishwas Manral |
| | Last updated | 2014-01-09 (Latest revision 2013-07-08) |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document specifies an IPsec AH and ESP sequence number validation scheme, which is complementary to the existing ICV mechanism and anti-replay mechanism of AH and ESP in defense against DoS attacks. It is an optional feature negotiable through IKE; for this feature to be negotiated, both sender and receiver must implement it. If either party doesn't support it, then this feature should be excluded from negotiation. The rationale for such a scheme is discussed first; then requirements and guidelines for the design of the scheme are laid out. There can be various ways to implement the scheme; some reference designs are discussed to set the base for the effort of identifying best practice and eventually establishing a standard on the subject.
Authors
Jifei Song
Tina Tsou (Ting ZOU)
Vishwas Manral
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)