[btns] Protocol Action: 'IPsec Channels: Connection Latching' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Mon, 17 August 2009 18:18 UTC

Return-Path: <wwwrun@core3.amsl.com>
X-Original-To: btns@ietf.org
Delivered-To: btns@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 30) id 733E73A6774; Mon, 17 Aug 2009 11:18:33 -0700 (PDT)
X-idtracker: yes
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <20090817181833.733E73A6774@core3.amsl.com>
Date: Mon, 17 Aug 2009 11:18:33 -0700 (PDT)
Cc: Internet Architecture Board <iab@iab.org>, btns mailing list <btns@ietf.org>, btns chair <btns-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [btns] Protocol Action: 'IPsec Channels: Connection Latching' to Proposed Standard
X-BeenThere: btns@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Better-Than-Nothing-Security Working Group discussion list <btns.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/btns>, <mailto:btns-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/btns>
List-Post: <mailto:btns@ietf.org>
List-Help: <mailto:btns-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/btns>, <mailto:btns-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2009 18:18:33 -0000

The IESG has approved the following document:

- 'IPsec Channels: Connection Latching '
   <draft-ietf-btns-connection-latching-11.txt> as a Proposed Standard

This document is the product of the Better-Than-Nothing Security Working Group. 

The IESG contact persons are Tim Polk and Pasi Eronen.

A URL of this Internet-Draft is:

Technical Summary

  This document specifies, abstractly, how to interface applications
  and transport protocols with IPsec so as to create "channels" by
  latching "connections" (packet flows) to certain IPsec Security
  Association (SA) parameters for the lifetime of the connections.
  Connection latching is layered on top of IPsec and does not modify
  the underlying IPsec architecture.

  Connection latching can be used to protect applications against
  accidentally exposing live packet flows to unintended peers, whether
  as the result of a reconfiguration of IPsec or as the result of using
  weak peer identity to peer address associations.  Weak association of
  peer ID and peer addresses is at the core of Better Than Nothing
  Security (BTNS), thus connection latching can add a significant
  measure of protection to BTNS IPsec nodes.

  Finally, the availability of IPsec channels will make it possible to
  use channel binding to IPsec channels.

Working Group Summary

   This document is a product of the Better Than Nothing Security (BTNS)
   working group. 

Document Quality

   A version of Connection Latching is implemented in OpenSolaris. The
  document has been reviewed by Daniel McDonald who worked on the
  Connection Latching implementation in OpenSolaris.


   The Document Shepherd for this document is Julien Laganier (BTNS
   WG co-chair).  The Responsible Area Director is Tim Polk (Security
   Area Director).