BTNS meeting notes

These are the minutes for the Better than nothing security (BTNS) working group meeting, held at IETF-65 on Monday, March 20, 2006, in Dallas. Thanks to Jeffrey Hutzelman for the jabber scribing, which produced the notes on which these minutes are based.

Chairs: Love Hoernquist Aastrand and Pekka Nikander

* Working group background

  Three different groups/interests:
  * protection against off-path attackers
  * working towards channel binding
  * SSH-like leap-of-faith use of IPsec

  The working group was chartered to:
  * specify extensions to IPsec so that IPsec will support creation of unauthenticated SAs.
  * enable and encourage simpler and more rapid deployment of IPsec.

* Goals for the meeting
  * Complete discussion on Problem statement and applicability statement.
  * Discussion on Nico's proposal for a core document
  * Update milestones

* Decisions made
  * Require support of bare keys, and add self-signed certificates as a SHOULD.
  * The IKE extensions will be folded into the core document, and Michael Richardson will help Nicolas with the document as a co-editor.
  * Michael Richardson will do work on the API document.

* Action items
  * Sam Hartman, with the help of David Black, will present his ideas on what problems to solve in the API problem space at the next IETF general meeting.
  * Re-spin PS/AS document, submit document in May, and take to WG-LC
  * Address comments on Nicolas's drafts.
  * Start up work on IPsec interfaces draft

* Current work
  * Problem and Applicability statement
  * Better-Than-Nothing-Security: An Unauthenticated Mode of IPsec
  * IPsec Channels: Connection Latching

  The latter two are newly accepted WG documents since the last meeting.

* Points to pay attention to
  * There is the work of Steve Bellovin, draft-bellovin-use-ipsec-04, "Guidelines for Mandating the Use of IPsec". This might be used when thinking about the API problem, and how applications will use it.

* Presentation: Discussion on Applicability and Problem statement

  Joe Touch talked about the Problem and Applicability Statement document. There are four outstanding issues, and hopefully the next revision of the document can go to working group last call. Yu-Shun Wang thought that it was possible to get a new revision out by the end of May.

* Presentation: Core document and Connection latching

  Nicolas Williams made a presentation of his drafts "An Unauthenticated Mode of IPsec" and "IPsec Channels: Connection Latching". The group thought that the direction of the document was the right one. There was consensus that the document was too terse, and that Nicolas needed to fill in more details on how it should work and how it would fit into IPsec processing.

* API discussion

  There was a short discussion on how to proceed with the API item from the charter. Sam Hartman, with help from David Black, will present at the next IETF. Michael Richardson promised to look at the old API requirements document that he and Bill Sommerfeld made for IPSP.

* We also processed the outstanding issues and decided the following:
  * Exact details of SPD/PAD extensions
  * Do we need IKE extensions or not?
    Part of Nico's document. Milestone question: are they done, or is something missing? The meeting concluded that they are done.
  * Auto detection of BTNS
    Out of scope for the working group.
  * Bare keys vs. self-signed certificate
    See decision item above.

* Updating milestones

  Done    First version of SPD and/or PAD extensions draft
  May 06  WG LC on problem and applicability statement (a+b)
  Done    First version of IKE extensions draft (if needed)
  May 06  First version of IPsec interfaces draft (e)
  May 06  Submit problem and applicability statement to IESG (a+b)
  Aug 06  WG LC on IKE extensions (c)
  Aug 06  WG LC on SPD and/or PAD extensions (d)
  Sep 06  Submit IKE extensions to the IESG
  Sep 06  Submit SPD and/or PAD extensions to the IESG
  Nov 06  WG LC on IPsec interfaces draft
  Nov 06  Submit IPsec interfaces draft to the IESG
  Mar 06  Recharter or close the WG