On Thu, Sep 12, 2013 at 12:04 PM, Nico Williams <n...@cryptonector.com> wrote:
> Note: you don't just want BTNS, you also want RFC5660 -- "IPsec
> channels". You also want to define a channel binding for such channels
> (this is trivial).
I am not convinced. It's supposed to be *better than nothing*. Packets
that are encrypted between me and whatever gateway the endpoint elects
to use are strictly better than unencrypted packets, from a security
and privacy standpoint.
Insisting that "BTNS should not be used without X, Y, and Z" had
better come with a detailed explanation of why BTNS without X, Y, Z
makes me *less* secure than no BTNS at all.
--
Taral <tar...@gmail.com>
"Please let me know if there's any further trouble I can give you."
-- Unknown
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
