{"draft":"draft-ietf-btns-prob-and-applic-07","doc_id":"RFC5387","title":"Problem and Applicability Statement for Better-Than-Nothing Security (BTNS)","authors":["J. Touch","D. Black","Y. Wang"],"format":["ASCII","HTML"],"page_count":"28","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Better-Than-Nothing Security","abstract":"The Internet network security protocol suite, IPsec, requires\r\nauthentication, usually of network-layer entities, to enable access\r\ncontrol and provide security services.  This authentication can be\r\nbased on mechanisms such as pre-shared symmetric keys, certificates\r\nwith associated asymmetric keys, or the use of Kerberos (via\r\nKerberized Internet Negotiation of Keys (KINK)).  The need to deploy\r\nauthentication information and its associated identities can be a\r\nsignificant obstacle to the use of IPsec.\r\n\r\nThis document explains the rationale for extending the Internet\r\nnetwork security protocol suite to enable use of IPsec security\r\nservices without authentication.  These extensions are intended to\r\nprotect communication, providing \"better-than-nothing security\"\r\n(BTNS).  The extensions may be used on their own (this use is called\r\nStand-Alone BTNS, or SAB) or may be used to provide network-layer\r\nsecurity that can be authenticated by higher layers in the protocol\r\nstack (this use is called Channel-Bound BTNS, or CBB).  The document\r\nalso explains situations for which use of SAB and\/or CBB extensions\r\nare applicable.  This memo provides information for the Internet community.","pub_date":"November 2008","keywords":["ipsec","stand-alone btns","sab","channel-bound btns","cbb"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC5387","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc5387"}