At 2:49 PM -0500 6/26/07, Nicolas Williams wrote:
On Fri, Jun 22, 2007 at 10:43:16AM -0700, Paul Hoffman wrote:
> This was discussed many times, and always rejected as "not good
enough" by the purists. Then the IETF created the BTNS Working Group
which is spending huge amounts of time getting close to purity again.
That's pretty funny, actually, although I don't quite agree with the
substance (surprise!) :)
Why, are you some sort or purist? :-) (For those outside the IETF,
Nico is one of the main movers and shakers in BTNS, and is probably
one of the main reasons it looks like it will actually finish its
work.)
Seriously, for those who merely want unauthenticated IPsec, MITMs and
all, then yes, agreeing on a globally shared secret would suffice.
Well, almost suffice. You also need a way of signalling before the
Diffie-Hellman that this is what you are doing, but that's a trivial
extension to both IKEv1 and IKEv2.
For all the other aspects of BTNS (IPsec connection latching [and
channel binding], IPsec APIs, leap-of-faith IPsec) agreeing on a
globally shared secret does not come close to being sufficient.
Fully agree. BTNS will definitely give you more than just one-off
encrypted tunnels, once the work is finished. But then, it should
probably be called MMTBTNS (Much More Than...).
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]