Skip to main content

Problem and Applicability Statement for Better-Than-Nothing Security (BTNS)
RFC 5387

Revision differences

Document history

Date By Action
2018-12-20
(System)
Received changes through RFC Editor sync (changed abstract to 'The Internet network security protocol suite, IPsec, requires authentication, usually of network-layer entities, to enable access …
Received changes through RFC Editor sync (changed abstract to 'The Internet network security protocol suite, IPsec, requires authentication, usually of network-layer entities, to enable access control and provide security services. This authentication can be based on mechanisms such as pre-shared symmetric keys, certificates with associated asymmetric keys, or the use of Kerberos (via Kerberized Internet Negotiation of Keys (KINK)). The need to deploy authentication information and its associated identities can be a significant obstacle to the use of IPsec.

This document explains the rationale for extending the Internet network security protocol suite to enable use of IPsec security services without authentication. These extensions are intended to protect communication, providing "better-than-nothing security" (BTNS). The extensions may be used on their own (this use is called Stand-Alone BTNS, or SAB) or may be used to provide network-layer security that can be authenticated by higher layers in the protocol stack (this use is called Channel-Bound BTNS, or CBB). The document also explains situations for which use of SAB and/or CBB extensions are applicable. This memo provides information for the Internet community.')
2017-05-16
(System) Changed document authors from "David Black, Yu-Shun Wang" to "David Black, Yu-Shun Wang, Joseph Touch"
2015-10-14
(System) Notify list changed from btns-chairs@ietf.org to (None)
2008-11-17
Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2008-11-17
Amy Vezza [Note]: 'RFC 5387' added by Amy Vezza
2008-11-14
(System) RFC published