A New Internet-Draft is available from the on-line
Internet-Drafts directories.
This draft is a work item of the Better-Than-Nothing
Security Working Group of the IETF.
Title : Problem and Applicability Statement for
Better Than Nothing Security (BTNS)
Author(s) : J. Touch, et al.
Filename : draft-ietf-btns-prob-and-applic-06.txt
Pages : 24
Date : 2007-10-03
The Internet network security protocol suite, IPsec,
consisting of
IKE, ESP, and AH, generally requires authentication of
network layer
entities to bootstrap security. This authentication can be
based on
mechanisms such as pre-shared symmetric keys, certificates
and
associated asymmetric keys, or the use of Kerberos. The
need to
deploy authentication information and its associated
identities to
network layer entities can be a significant obstacle to use
of
network security. This document explains the rationale for
extending
the Internet network security suite to enable use of IPsec
security
mechanisms without authentication. These extensions are
intended to
protect communication in a "better than nothing"
(BTNS) fashion. The
extensions may be used on their own (Stand Alone BTNS, or
SAB), or
may be useful in providing network layer security that can
be
authenticated by higher layers in the protocol stack, called
Channel
Bound BTNS (CBB). This document also explains situations in
which use
of SAB and CBB extensions are appropriate.
Conventions used in this document
In examples, "C:" and "S:" indicate
lines sent by the client and
server respectively.
The key words "MUST", "MUST NOT",
"REQUIRED", "SHALL", "SHALL
NOT",
"SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and
"OPTIONAL" in this
document are to be interpreted as described in RFC-2119
Error!
Reference source not found..
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/dr
aft-ietf-btns-prob-and-applic-06.txt
To remove yourself from the I-D Announcement list, send a
message to
i-d-announce-request ietf.org with the word unsubscribe in the
body of
the message.
You can also visit h
ttps://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.
Internet-Drafts are also available by anonymous FTP. Login
with the
username "anonymous" and a password of your e-mail
address. After
logging in, type "cd internet-drafts" and then
"get draft-ietf-btns-prob-and-applic-06.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/s
hadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailservietf.org.
In the body type:
"FILE
/internet-drafts/draft-ietf-btns-prob-and-applic-06.txt"
;.
NOTE: The mail server at ietf.org can return the document
in
MIME-encoded form by using the "mpack" utility.
To use this
feature, insert the command "ENCODING mime"
before the "FILE"
command. To decode the response(s), you will need
"munpack" or
a MIME-compliant mail reader. Different MIME-compliant
mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which
have been split
up into multiple messages), so check your local
documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail
reader
implementation to automatically retrieve the ASCII version
of the
Internet-Draft.
_______________________________________________
|