On 5/28/06, Eugen Leitl <eugen@leitl.org> wrote:
... Recent news stories seem to me to make it obvious that anyone with privacy concerns (i.e. more-or-less everyone) should be encrypting as much of their communication as possible. Implementing opportunistic encryption is the best way I know of to do that for the Internet.
I'm somewhat out of touch, though, so I do not know to what extent people are using it now. That is my question here.
opportunistic IPsec requires: - additional latency during initial communication (sometimes excessive waiting for timeouts) - static public IP endpoint capable of IPsec - keys published in DNS records == totally unworkable for most users on the Internet. SSH/SSL VPN's are much more suitable IMHO. tied into a p2p style NAT-punching configuration with simple key management (perhaps opportunistic key exchange that can be upgraded to authenticated exchange in person, etc) this _might_ be enough to blacken a majority of Internet traffic. OE via IPsec is certainly not though... -- Wireless networks are a different story, and I am very much in favor of IPsec for such networks. The propinquity of participants can facilitate other stronger / easier key management as well.