论文信息 - Better-Than-Nothing Security: An Unauthenticated Mode of IPsec

Better-Than-Nothing Security: An Unauthenticated Mode of IPsec

This document specifies how to use the Internet Key Exchange (IKE) protocols, such as IKEv1 and IKEv2, to setup "unauthenticated" security associations (SAs) for use with the IPsec Encapsulating Security Payload (ESP) and the IPsec Authentication Header (AH). No IKE extensions are needed, but Peer Authorization Database (PAD) and Security Policy Database (SPD) extensions are specified. Unauthenticated IPsec is herein referred to by its popular acronym, "BTNS" (Better Than Nothing Security).

Michael C. Richardson | Nicolas Williams | M. Richardson | N. Williams

[1] Tatu Ylönen,et al. The Secure Shell (SSH) Protocol Architecture , 2006, RFC.

[2] Nicolas Williams,et al. On the Use of Channel Bindings to Secure Channels , 2007, RFC.

[3] Scott O. Bradner,et al. Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[4] W. Douglas Maughan,et al. Internet Security Association and Key Management Protocol (ISAKMP) , 1998, RFC.

[5] Dan Harkins,et al. The Internet Key Exchange (IKE) , 1998, RFC.

[6] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.

[7] David L. Black,et al. Problem and Applicability Statement for Better-Than-Nothing Security (BTNS) , 2008, RFC.

[8] John Linn,et al. Generic Security Service Application Program Interface Version 2, Update 1 , 2000, RFC.

[9] Nicolas Williams,et al. IPsec Channels: Connection Latching , 2009, RFC.

[10] Charlie Kaufman,et al. Internet Key Exchange (IKEv2) Protocol , 2005, RFC.