Better-Than-Nothing Security BOF (btns)

Tuesday, November 9 at 0900-1130
================================

CHAIR: Joe Touch

AGENDA:

(1) Agenda bashing (5 minutes)
(2) Overview of ANONSEC ID (15 mins)
(3) Discussion of possible threat models (10 mins)
(4) Discussion of candidate protocols to vary (10 mins)
(5) Charter discussion (20 mins)

Mailing List info. and preliminary Internet Drafts:
http://www.postel.org/anonsec

DESCRIPTION:

Current Internet Protocol security (IPsec) protocols present somewhat of an all-or-nothing alternative; existing protocols provide protection from a wide array of possible threats, but are sometimes not deployed because of the need for cumbersome key management infrastructure, complex configuration, or because of their performance impact.

This proposed working group will develop extensions to existing Internet Protocol security (IPsec) protocols to support relaxed variants that reduce their need for pre-shared keys and/or key management infrastructure, and/or increase their performance (higher bandwidth, lower CPU cost, lower latency). These relaxed variants provide weaker security guarantees than their conventional counterparts, but should be sufficient for use in limited environments, e.g., to protect against off-path attacks but not man-in-the-middle, or to protect connections without regard for authoritative identification of communicating parties.

The goal of these relaxed variants is to enable and encourage the use of network security where it has been difficult to deploy - notably, to enable simpler, more rapid deployment and to support security in high-performance environments.

(the WG will focus on IPsec on its instantiation; after completing work on IPsec, the WG may seek rechartering to consider other Internet security protocols)

The WG has the following specific goals over three IETF meetings:

a) characterize a reasonable set of threat models with relaxed assumptions suitable for infrastructure-free and/or high-performance use
b) identify existing IPsec standards track protocols for extension and determine whether configuration (BCP) or extension (standards-track) is appropriate for each
c) document protocol configurations and/or extensions for infrastructure-free use
d) document protocol configurations and/or extensions for high performance use

The current ANONSEC ID will serve as the initial issues (requirements) document. Items (a) and (b) above comprise the framework document. Each protocol specification modified as per (c) and/or (d) will comprise a separate WG contribution. One or more of these contributions will be published as BCPs (requirements, framework, and configurations not requiring protocol variation) or standards-track documents (for protocols requiring variations).