Status of opportunistic encryption
Sandy Harris
sandyinchina at gmail.com
Fri May 26 00:18:59 PDT 2006
Some years back I worked on the FreeS/WAN project (freeswan.org),
IPsec for Linux.
One of our goals was to implement "opportunistic encryption", to allow any
two
appropriately set up machines to communicate securely, without
pre-arrangement
between the two system administrators. Put authentication keys in DNS; they
look those up and can then use IKE to do authenticated Diffie-Hellman to
create
the keys for secure links.
Recent news stories seem to me to make it obvious that anyone with privacy
concerns (i.e. more-or-less everyone) should be encrypting as much of their
communication as possible. Implementing opportunistic encryption is the
best way I know of to do that for the Internet.
I'm somewhat out of touch, though, so I do not know to what extent people
are using it now. That is my question here.
I do note that there are some relevant RFCs.
RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE)
RFC 4025 A Method for Storing IPsec Keying Material in DNS
and that both of FreeS/WAN's successor projects (openswan.org and
strongswan.org) mention it in their docs. However, I don't know if it
actually being used.
--
Sandy Harris
Zhuhai, Guangdong, China
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
More information about the cypherpunks-legacy
mailing list