Better-Than-Nothing Security BOF (btns)

Tuesday, November 9 at 0900-1130
================================

CHAIR: Joe Touch <touch@isi.edu> 

AGENDA:

(1) Agenda bashing (5 minutes)
(2) Overview of ANONSEC ID (15 mins)
(3) Discussion of possible threat models (10 mins)
(4) Discussion of candidate protocols to vary (10 mins)
(5) Charter discussion (20 mins)

Mailing List info. and preliminary Internet Drafts:
http://www.postel.org/anonsec


DESCRIPTION:

Current Internet Protocol security (IPsec) protocols present something of
an all-or-nothing alternative; existing protocols provide protection
from a wide array of possible threats, but are sometimes not deployed
because of the need for cumbersome key management infrastructure or
complex configuration, or because of their performance impact. This
proposed working group will develop extensions to existing Internet
Protocol security (IPsec) protocols to support relaxed variants that
reduce their need for pre-shared keys and/or key management
infrastructure, and/or increase their performance (higher bandwidth,
lower CPU cost, lower latency). These relaxed variants provide weaker
security guarantees than their conventional counterparts, but should be
sufficient for use in limited environments, e.g., to protect against
off-path attacks but not man-in-the-middle, or to protect connections
without regard for authoritative identification of communicating
parties. The goal of these relaxed variants is to enable and encourage
the use of network security where it has been difficult to deploy -
notably, to enable simpler, more rapid deployment and to support
security in high-performance environments. (The WG will focus on IPsec
at its instantiation; after completing work on IPsec, the WG may seek
rechartering to consider other Internet security protocols.)

The WG has the following specific goals over three IETF meetings:
    a) characterize a reasonable set of threat models with
       relaxed assumptions suitable for infrastructure-free
       and/or high-performance use
    b) identify existing IPsec standards track protocols for
       extension and determine whether configuration (BCP) or
       extension (standards-track) is appropriate for each
    c) document protocol configurations and/or extensions for
       infrastructure-free use
    d) document protocol configurations and/or extensions for
       high performance use

The current ANONSEC ID will serve as the initial issues (requirements)
document. Items (a) and (b) above comprise the framework document. Each
protocol specification modified as per (c) and/or (d) will comprise a
separate WG contribution. One or more of these contributions will be
published as BCPs (requirements, framework, and configurations not
requiring protocol variation) or standards-track documents (for
protocols requiring variations).