RFC 5387

Problem and Applicability Statement for Better-Than-Nothing Security (BTNS), November 2008

Canonical URL:
https://www.rfc-editor.org/rfc/rfc5387.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Authors:
J. Touch
D. Black
Y. Wang
Stream:
IETF
Source:
btns (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC5387

Discuss this RFC: Send questions or comments to btns@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Internet network security protocol suite, IPsec, requires authentication, usually of network-layer entities, to enable access control and provide security services. This authentication can be based on mechanisms such as pre-shared symmetric keys, certificates with associated asymmetric keys, or the use of Kerberos (via Kerberized Internet Negotiation of Keys (KINK)). The need to deploy authentication information and its associated identities can be a significant obstacle to the use of IPsec. This document explains the rationale for extending the Internet network security protocol suite to enable use of IPsec security services without authentication. These extensions are intended to protect communication, providing "better-than-nothing security" (BTNS). The extensions may be used on their own (this use is called Stand-Alone BTNS, or SAB) or may be used to provide network-layer security that can be authenticated by higher layers in the protocol stack (this use is called Channel-Bound BTNS, or CBB). The document also explains situations for which use of SAB and/or CBB extensions are applicable. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader