Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
RFC 5386, “Better-Than-Nothing Security: An Unauthenticated Mode of IPsec”, is a Proposed Standard document published in November 2008 by N. Williams and M. Richardson. The canonical text is published by the RFC Editor.
Abstract
This document specifies how to use the Internet Key Exchange (IKE) protocols, such as IKEv1 and IKEv2, to set up "unauthenticated" security associations (SAs) for use with the IPsec Encapsulating Security Payload (ESP) and the IPsec Authentication Header (AH). No changes to IKEv2 bits-on-the-wire are required, but Peer Authorization Database (PAD) and Security Policy Database (SPD) extensions are specified. Unauthenticated IPsec is herein referred to by its popular acronym, "BTNS" (Better-Than-Nothing Security). [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 5386 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 5387 Problem and Applicability Statement for Better-Than-Nothing Security
- RFC 5384 The Protocol Independent Multicast Join Attribute Format
- RFC 5388 Information Model and XML Data Model for Traceroute Measurements
- RFC 5383 Deployment Considerations for Lemonade-Compliant Mobile Email
- RFC 5389 Session Traversal Utilities for NAT
- RFC 5382 NAT Behavioral Requirements for TCP
- RFC 5390 Requirements for Management of Overload in the Session Initiation Protocol
- RFC 5381 Experience of Implementing NETCONF over SOAP