[rfc-dist] RFC 5387 on Problem and Applicability Statement for Better-Than-Nothing Security (BTNS)
rfc-editor at rfc-editor.org
Fri Nov 14 13:42:33 PST 2008
A new Request for Comments is now available in online RFC libraries.
Title: Problem and Applicability Statement for
Better-Than-Nothing Security (BTNS)
Author: J. Touch, D. Black, Y. Wang
Date: November 2008
Mailbox: touch at isi.edu,
black_david at emc.com,
yu-shun.wang at microsoft.com
I-D Tag: draft-ietf-btns-prob-and-applic-07.txt
The Internet network security protocol suite, IPsec, requires
authentication, usually of network-layer entities, to enable access
control and provide security services. This authentication can be
based on mechanisms such as pre-shared symmetric keys, certificates
with associated asymmetric keys, or the use of Kerberos (via
Kerberized Internet Negotiation of Keys (KINK)). The need to deploy
authentication information and its associated identities can be a
significant obstacle to the use of IPsec.
This document explains the rationale for extending the Internet
network security protocol suite to enable use of IPsec security
services without authentication. These extensions are intended to
protect communication, providing "better-than-nothing security"
(BTNS). The extensions may be used on their own (this use is called
Stand-Alone BTNS, or SAB) or may be used to provide network-layer
security that can be authenticated by higher layers in the protocol
stack (this use is called Channel-Bound BTNS, or CBB). The document
also explains situations for which use of SAB and/or CBB extensions
are applicable. This memo provides information for the Internet community.
This document is a product of the Better-Than-Nothing Security Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
The RFC Editor Team
USC/Information Sciences Institute
More information about the rfc-dist