MC's Journal

Better-than-nothing security

I'm pleased to announce that the .SE Foundation has again deemed me worthy to receive funding for my research.

This time I'm tackling Better-than-nothing security, often known as BTNS. BTNS is an unauthenticated mode of IPsec.

Unlike ordinary IPsec, BTNS can be used even if we can't fully authenticate the peer. We simply trust that the node is who she says she is and work from there.

This is not without merits. OK, so we don't know that we're speaking to the right node, but we still get all the other benefits of traditional IPsec: confidentiality, integrity, et cetera. We also get continuity of association, a guarantee that we're still speaking to the same party as we were when the conversation started.

For more on this, see the BTNS project page.