On 3/12/2014 10:06 AM, Nico Williams wrote:
> On Wed, Mar 12, 2014 at 11:49 AM, Joe Touch <[email protected]> wrote:
> ...
>> BTNS uses unsigned key exchange, and there's nothing "opportunistic" about
>> it. Unsigned authentication is the goal from the start.
>
> For me the goal was to use channel binding at the application layer.

Having unsigned key exchange has two ultimate uses:

- raising the bar for attacks above 'send a RST' but below MITM
- providing a network-level mechanism that can be linked to security at higher layers

> App-layer channel binding could be useful for BTNS, or for other
> approaches too (e.g., where a single key protects a set of ports).
>
> But we never got there: no one seems to care much about end-to-end
> IPsec, sadly. (Well, it's not that no one cares, but that it's too
> late now; TLS is king.)

TLS still doesn't protect the transport or network layers.

>> OE as defined in RFC 4322 isn't about using unsigned key exchange; the
>> "opportunistic" sense is derived from using keys retrieved from DNS without
>> prior agreement. That's not what happens in BTNS.
>
> Stephen has it right: OE in the RFC 4322 sense is about applying
> protection even when SPDs don't agree on this, but it still requires a
> keying infrastructure (i.e., trust paths).

Right, but then "O" isn't quite the right term for security that avoids
the need for keying infrastructure altogether.

Joe
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane