[sandyinchina at gmail.com: Status of opportunistic encryption]
coderman
coderman at gmail.com
Sun May 28 21:51:43 PDT 2006
On 5/28/06, Eugen Leitl <eugen at leitl.org> wrote:
> ...
> Recent news stories seem to me to make it obvious that anyone with privacy
> concerns (i.e. more-or-less everyone) should be encrypting as much of their
> communication as possible. Implementing opportunistic encryption is the
> best way I know of to do that for the Internet.
>
> I'm somewhat out of touch, though, so I do not know to what extent people
> are using it now. That is my question here.

Opportunistic IPsec requires:
- additional latency during initial communication (sometimes excessive
  waiting for timeouts)
- static public IP endpoint capable of IPsec
- keys published in DNS records
== totally unworkable for most users on the Internet.

SSH/SSL VPNs are much more suitable IMHO. Tied into a p2p style
NAT-punching configuration with simple key management (perhaps
opportunistic key exchange that can be upgraded to authenticated
exchange in person, etc) this _might_ be enough to blacken a majority
of Internet traffic.

OE via IPsec is certainly not though...
--
Wireless networks are a different story, and I am very much in favor
of IPsec for such networks. The propinquity of participants can
facilitate other stronger / easier key management as well.
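
The "opportunistic key exchange that can be upgraded to authenticated exchange in person" idea from the message above, sketched as an added example (not part of the original post or of any project's code): a key is pinned on first contact, a changed key is refused, and a fingerprint compared face to face upgrades the pin. The store, its method names and the sample keys are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

OPPORTUNISTIC = "opportunistic"  # key accepted on first contact, unauthenticated
AUTHENTICATED = "authenticated"  # fingerprint confirmed out of band, e.g. in person

class KeyMismatch(Exception):
    """A peer presented a key that differs from the pinned one."""

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

@dataclass
class Pin:
    fp: str
    trust: str

class PeerKeyStore:  # hypothetical helper, in-memory only
    def __init__(self):
        self._pins = {}

    def observe(self, peer: str, public_key: bytes) -> str:
        """Run at every key exchange: pin on first contact, refuse a changed key."""
        fp = fingerprint(public_key)
        pin = self._pins.get(peer)
        if pin is None:
            self._pins[peer] = Pin(fp, OPPORTUNISTIC)
            return OPPORTUNISTIC
        if pin.fp != fp:
            raise KeyMismatch(f"{peer}: pinned {pin.fp[:16]}, offered {fp[:16]}")
        return pin.trust

    def confirm_in_person(self, peer: str, spoken_fp: str) -> bool:
        """Upgrade the pin when the fingerprint the peer reads out matches it."""
        pin = self._pins.get(peer)
        heard = spoken_fp.replace(" ", "").replace(":", "").lower()
        if pin is None or pin.fp != heard:
            return False
        pin.trust = AUTHENTICATED
        return True

def demo():
    store = PeerKeyStore()
    key, other = b"constructed-sample-key-A", b"constructed-sample-key-B"
    first = store.observe("alice", key)                # first contact
    upgraded = store.confirm_in_person("alice", fingerprint(key).upper())
    later = store.observe("alice", key)                # same key, now verified
    try:
        store.observe("alice", other)                  # substituted key
        refused = False
    except KeyMismatch:
        refused = True
    return first, upgraded, later, refused
```

The opportunistic state protects only against passive listeners; until the in-person comparison happens, an active party present at first contact would be pinned instead of the real peer.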