At 2:49 PM -0500 6/26/07, Nicolas Williams wrote:
On Fri, Jun 22, 2007 at 10:43:16AM -0700, Paul Hoffman wrote:
 > This was discussed many times, and always rejected as "not good
 enough" by the purists. Then the IETF created the BTNS Working Group
 which is spending huge amounts of time getting close to purity again.

That's pretty funny, actually, although I don't quite agree with the
substance (surprise!)  :)

Why, are you some sort or purist? :-) (For those outside the IETF, Nico is one of the main movers and shakers in BTNS, and is probably one of the main reasons it looks like it will actually finish its work.)

Seriously, for those who merely want unauthenticated IPsec, MITMs and
all, then yes, agreeing on a globally shared secret would suffice.

Well, almost suffice. You also need a way of signalling before the Diffie-Hellman that this is what you are doing, but that's a trivial extension to both IKEv1 and IKEv2.

For all the other aspects of BTNS (IPsec connection latching [and
channel binding], IPsec APIs, leap-of-faith IPsec) agreeing on a
globally shared secret does not come close to being sufficient.

Fully agree. BTNS will definitely give you more than just one-off encrypted tunnels, once the work is finished. But then, it should probably be called MMTBTNS (Much More Than...).

--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to