ad hoc IPsec or similar

Paul Hoffman paul.hoffman at
Tue Jun 26 16:20:41 EDT 2007

At 2:49 PM -0500 6/26/07, Nicolas Williams wrote:
>On Fri, Jun 22, 2007 at 10:43:16AM -0700, Paul Hoffman wrote:
>>  This was discussed many times, and always rejected as "not good
>>  enough" by the purists. Then the IETF created the BTNS Working Group
>>  which is spending huge amounts of time getting close to purity again.
>That's pretty funny, actually, although I don't quite agree with the
>substance (surprise!)  :)

Why, are you some sort of purist? :-) (For those outside the IETF, 
Nico is one of the main movers and shakers in BTNS, and is probably 
one of the main reasons it looks like it will actually finish its 

>Seriously, for those who merely want unauthenticated IPsec, MITMs and
>all, then yes, agreeing on a globally shared secret would suffice.

Well, almost suffice. You also need a way of signalling before the 
Diffie-Hellman that this is what you are doing, but that's a trivial 
extension to both IKEv1 and IKEv2.

>For all the other aspects of BTNS (IPsec connection latching [and
>channel binding], IPsec APIs, leap-of-faith IPsec) agreeing on a
>globally shared secret does not come close to being sufficient.

Fully agree. BTNS will definitely give you more than just one-off 
encrypted tunnels, once the work is finished. But then, it should 
probably be called MMTBTNS (Much More Than...).

--Paul Hoffman, Director
--VPN Consortium
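The point above, that a globally agreed pre-shared key gives you an IKE-style exchange that "suffices" only if you accept MITMs, is easy to see in a toy model. The following is an added example written for this page, not code from the thread or from any IKE implementation: it models PSK authentication as HMAC over the exchange transcript keyed from the Diffie-Hellman result and the PSK, runs it once end-to-end and once through an attacker who terminates both halves. The DH group (2^127-1, generator 2), the nonce and key-derivation layout, and the PSK values are all constructed toy choices and are not secure parameters.

```python
"""Toy IKE-style PSK authentication: a globally known PSK gives confidentiality
against passive listeners but no protection against an active MITM.
Added example; toy DH parameters, not for real use."""
import hashlib
import hmac
import secrets

# Toy group: 2^127 - 1 is prime, generator 2. Far too small for real use.
P = (1 << 127) - 1
G = 2
PUBLIC_PSK = b"btns-well-known-psk"   # hypothetical "globally shared secret"


def dh_keypair():
    """Random private exponent in [1, P-2] and the matching public value."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(psk, shared, ni, nr):
    """SKEYSEED-like derivation: PSK keys an HMAC over DH result and nonces."""
    return hmac.new(psk, shared.to_bytes(16, "big") + ni + nr,
                    hashlib.sha256).digest()


def transcript(init_pub, resp_pub, ni, nr):
    """What both sides must agree they saw on the wire."""
    return (init_pub.to_bytes(16, "big") + resp_pub.to_bytes(16, "big")
            + ni + nr)


def auth_tag(key, t):
    """AUTH payload: MAC over the transcript under the derived key."""
    return hmac.new(key, t, hashlib.sha256).digest()


class Party:
    def __init__(self, psk):
        self.psk = psk
        self.priv, self.pub = dh_keypair()
        self.nonce = secrets.token_bytes(16)

    def finish(self, peer_pub, ni, nr):
        shared = pow(peer_pub, self.priv, P)
        return derive_key(self.psk, shared, ni, nr)


def leg(init, resp):
    """One exchange between two parties. Each derives a key, sends AUTH over
    the transcript, and checks the peer's AUTH against its own key.
    Returns (initiator_accepts, responder_accepts, init_key, resp_key)."""
    ni, nr = init.nonce, resp.nonce
    t = transcript(init.pub, resp.pub, ni, nr)
    ki = init.finish(resp.pub, ni, nr)
    kr = resp.finish(init.pub, ni, nr)
    auth_from_init = auth_tag(ki, t)     # sent by the initiator
    auth_from_resp = auth_tag(kr, t)     # sent by the responder
    init_ok = hmac.compare_digest(auth_from_resp, auth_tag(ki, t))
    resp_ok = hmac.compare_digest(auth_from_init, auth_tag(kr, t))
    return init_ok, resp_ok, ki, kr


def run_exchange(psk, attacker_psk=None):
    """Direct I<->R exchange, or I<->A<->R when attacker_psk is given (the
    attacker terminates both legs with whatever PSK it believes is in use).
    Reports whether each endpoint accepts its peer's AUTH and whether the
    attacker ends up holding both session keys."""
    I, R = Party(psk), Party(psk)
    if attacker_psk is None:
        i_ok, r_ok, _, _ = leg(I, R)
        return {"initiator_accepts": i_ok, "responder_accepts": r_ok,
                "attacker_reads": False}
    a_to_i = Party(attacker_psk)   # attacker playing responder toward I
    a_to_r = Party(attacker_psk)   # attacker playing initiator toward R
    i_ok, _, ki, k_ai = leg(I, a_to_i)
    _, r_ok, k_ar, kr = leg(a_to_r, R)
    reads = hmac.compare_digest(ki, k_ai) and hmac.compare_digest(kr, k_ar)
    return {"initiator_accepts": i_ok, "responder_accepts": r_ok,
            "attacker_reads": reads}


if __name__ == "__main__":
    print("direct, public PSK:   ", run_exchange(PUBLIC_PSK))
    print("MITM knows public PSK:", run_exchange(PUBLIC_PSK, PUBLIC_PSK))
    print("MITM guesses wrong:   ", run_exchange(b"private-psk", b"guess"))
```

With a public PSK, both endpoints accept the attacker's AUTH payloads because the attacker can derive exactly the keys they derive, so the "authentication" reduces to proof that the peer completed a DH exchange with someone. A private PSK the attacker does not hold makes both checks fail. Note what the toy does not model: the signalling before the DH that the message says IKEv1/IKEv2 would need so the peer knows this is the unauthenticated mode, and the channel-binding and connection-latching work that makes the opportunistic key usable by an application.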

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at
