potential new IETF WG on anonymous IPSec
Thomas Shaddack
shaddack at ns.arachne.cz
Wed Sep 15 18:22:43 PDT 2004
On Wed, 15 Sep 2004, Ian Grigg wrote:
> The whole point of the CA model is that there is no prior
> relationship and that the network is a wild wild west sort
> of place - both of these assumptions seem to be reversed
> in the backbone world, no? So one would think that using
> opportunistic cryptography would be ideal for the BGP world?

If I remember correctly, the TCP MD5 option field was designed for
securing BGP traffic, using the shared secret approach.

I was also thinking about "borrowing" this feature for things like
announcement of additional features, e.g. the possibility of opportunistic
encryption, in e.g. the TCP/SYNACK packets. There's space for 16 bytes of
magic numbers.
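
The TCP MD5 option mentioned in the message above is specified in RFC 2385 (option kind 19, length 18, carrying a 16-byte digest). The following is an added example, not part of the original post, showing how a receiver recomputes and checks that digest for an IPv4 segment; the function names, addresses, ports, payload and key are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # RFC 2385: option kind, total option length

def md5sig_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, option-less TCP header (checksum 0), data, key."""
    if len(segment) < 20 or not 20 <= (segment[12] >> 4) * 4 <= len(segment):
        raise ValueError("truncated segment or bad data offset")
    data_off = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]  # zero the checksum
    return hashlib.md5(pseudo + fixed + segment[data_off:] + key).digest()

def carried_digest(segment):
    """Walk the TCP options and return the 16-byte MD5 digest, or None."""
    if len(segment) < 20 or not 20 <= (segment[12] >> 4) * 4 <= len(segment):
        return None
    opts = segment[20:(segment[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of options
        if opts[i] == 1:                           # kind 1 = NOP, no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                            # malformed option list
        if opts[i] == MD5SIG_KIND and opts[i + 1] == MD5SIG_LEN:
            return opts[i + 2:i + MD5SIG_LEN]
        i += opts[i + 1]
    return None

def verify(src_ip, dst_ip, segment, key):
    """Accept only segments whose carried digest matches the shared secret."""
    carried = carried_digest(segment)
    if carried is None:
        return False
    return hmac.compare_digest(carried, md5sig_digest(src_ip, dst_ip, segment, key))

def build_signed_segment(src_ip, dst_ip, sport, dport, seq, payload, key):
    """Constructed sample: 20-byte header + NOP NOP + MD5 option + payload."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 10 << 4, 0x18, 65535, 0, 0)
    unsigned = hdr + bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + bytes(16) + payload
    digest = md5sig_digest(src_ip, dst_ip, unsigned, key)
    return unsigned[:24] + digest + payload

# Constructed sample: documentation addresses, destination port 179 (BGP).
SEG = build_signed_segment("192.0.2.1", "192.0.2.2", 40000, 179, 1, b"sample", b"shared-secret")
```

The digest covers the addresses, the fixed header and the data but not the options themselves, so the 16 bytes in the option are fully determined by the segment and the shared secret.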