I am also interested in Opportunistic Encryption. Even if it is not as secure as a manually configured VPN, I am willing to trade that for what it does provide. I have looked at setting up OpenSWAN in OE mode, but frankly it is daunting even for the reasonably geeky and far beyond any kind of mass implementation. Also the DNS requirements make it not a viable solution for the majority of (dynamic DNS home) users. It is fairly simple to turn on optional IPsec under windows, but then everyone needs to use a common CA (say a thawate freemail cert). This option is far easier to use than setting up openswan in OE on your router. I am interested in how Zimmermann's ZRTP accomplishes things, because he seems to have dropped the explicit need for PSKs or CAs. If this is really the case, could techniques like this be used for other types of communication? For OE to be sucessful it needs to have a critical mass on the same (or autoselectable) OE system, useable across OSs, needs to be painless to install and use, and needs to be included in standard distros configured by default as ON (say every machine which left dell had optional ipsec on (and UDP encapsulation) with a common CA :). The necessary critical mass of people won't run OE if it requires extra effort assuming they even know of it's existance or what it does. Skype has achieved something in the encrypted world because it is on by default. In my unscientific WAG, more communication going over skype than SRTP, because SRTP is generally not shipped in a working state and there isn't a one stop CA. Anytime I have recommended using STARTTLS to my sysadmin friends, they have always worried about breaking stuff and complained about needed expensive certs. I would be willing to take the step of using a non authenticated mode (initially), if it would remove some of these impediments and create widespread use. There is a wikipedia entry on OE, but it is quite sparse, so update it if you have something to add. rearden On Fri, 26 May 2006 03:18:59 -0400 Sandy Harris <sandyinchina@gmail.com> wrote:
Some years back I worked on the FreeS/WAN project (freeswan.org), IPsec for Linux.
One of our goals was to implement "opportunistic encryption", to allow any two appropriately set up machines to communicate securely, without pre- arrangement between the two system administrators. Put authentication keys in DNS; they look those up and can then use IKE to do authenticated Diffie- Hellman to create the keys for secure links.
Recent news stories seem to me to make it obvious that anyone with privacy concerns (i.e. more-or-less everyone) should be encrypting as much of their communication as possible. Implementing opportunistic encryption is the best way I know of to do that for the Internet.
I'm somewhat out of touch, though, so I do not know to what extent people are using it now. That is my question here.
I do note that there are some relevant RFCs.
RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE) RFC 4025 A Method for Storing IPsec Keying Material in DNS
and that both of FreeS/WAN's successor projects (openswan.org and strongswan.org) mention it in their docs. However, I don't know if it actually being used.
-- Sandy Harris Zhuhai, Guangdong, China
-------------------------------------------------------------------
The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]