"Better Than Nothing Security"
Eric Rescorla has a great post reporting from the IETF on the “Better Than Nothing Security BOF.”
As I see it, this boils down to an understanding that paying for digital signatures is very expensive, while we’ve known for ten years that “keys are cheap.” (Thanks, Eric!)
The SSH folks got this very right: You connect to a host and remember its key. That’s cheap, and mostly works. You can decide to verify keys at a higher layer if you feel a need to. The IETF’s IPSec folks, in contrast, got it wrong. They want you to pay someone else to sign your keys.
The names being associated with this (“leap-of-faith” and “anonsec”) are incredibly poorly chosen, and will help keep IPSec from deploying. (Alternately, they’re well chosen by the enemies of the good — those who want nothing but the best, and are willing to be insecure until we get it.) If you’d like these to ever deploy, call them “local certification” and “persistent.”
Oh, and the cryptography list discussed this, too.