ad hoc IPsec or similar

Nicolas Williams Nicolas.Williams at
Tue Jun 26 15:49:22 EDT 2007

On Fri, Jun 22, 2007 at 10:43:16AM -0700, Paul Hoffman wrote:
> Note that that RFC is Informational only. There were a bunch of 
> perceived issues with it, although I think they were more purity 
> disagreements than anything.
> FWIW, if you do *not* care about man-in-the-middle attacks (called 
> active attacks in RFC 4322), the solution is much, much simpler than 
> what is given in RFC 4322: everyone on the Internet agrees on a 
> single pre-shared secret and uses it. You lose any authentication 
> from IPsec, but if all you want is an encrypted tunnel that you will 
> authenticate all or parts of later, you don't need RFC 4322.
> This was discussed many times, and always rejected as "not good 
> enough" by the purists. Then the IETF created the BTNS Working Group 
> which is spending huge amounts of time getting close to purity again.

That's pretty funny, actually, although I don't quite agree with the
substance (surprise!)  :)

Seriously, for those who merely want unauthenticated IPsec, MITMs and
all, then yes, agreeing on a globally shared secret would suffice.

For all the other aspects of BTNS (IPsec connection latching [and
channel binding], IPsec APIs, leap-of-faith IPsec) agreeing on a
globally shared secret does not come close to being sufficient.


The Cryptography Mailing List