[sandyinchina at gmail.com: Status of opportunistic encryption]

coderman coderman at gmail.com
Sun May 28 21:51:43 PDT 2006


On 5/28/06, Eugen Leitl <eugen at leitl.org> wrote:
> ...
> Recent news stories seem to me to make it obvious that anyone with privacy
> concerns (i.e. more-or-less everyone) should be encrypting as much of their
> communication as possible. Implementing opportunistic encryption is the
> best way I know of to do that for the Internet.
>
> I'm somewhat out of touch, though, so I do not know to what extent people
> are using it now. That is my question here.

Opportunistic IPsec requires:
- additional latency during initial communication (sometimes excessive
waiting for timeouts)
- static public IP endpoint capable of IPsec
- keys published in DNS records
== totally unworkable for most users on the Internet.

SSH/SSL VPNs are much more suitable IMHO.  Tied into a p2p-style
NAT-punching configuration with simple key management (perhaps
opportunistic key exchange that can be upgraded to authenticated
exchange in person, etc.) this _might_ be enough to blacken a majority
of Internet traffic.

OE via IPsec certainly is not, though...

--

Wireless networks are a different story, and I am very much in favor
of IPsec for such networks.  The propinquity of participants can
facilitate other stronger / easier key management as well.
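
[Editor's added example, not part of coderman's post or of any OE
implementation.]  The "keys published in DNS" and "static public IP"
requirements above are concrete: an OE initiator looks the peer's key up
under the peer's reverse-DNS name, so the responder must own a fixed
public address whose reverse zone it can populate, and if nothing is
found the initiator can only fall back to cleartext once the lookup has
failed or timed out.  The code below encodes and decodes the RFC 4025
IPSECKEY record (the standardised successor to the FreeS/WAN TXT
records) and models the initiator's lookup against a constructed
in-memory zone standing in for a resolver.  The key bytes are a
constructed placeholder, not a real public key; the addresses are from
the documentation range.

```python
"""Opportunistic-encryption key publication in DNS (RFC 4025 IPSECKEY).

Added illustration; not from the original post or any OE implementation.
"""
import base64
import ipaddress
import struct

# Constructed placeholder key bytes.  NOT a real public key; just enough
# to exercise the record encoding.
SAMPLE_PUBKEY = bytes([0x01, 0x03]) + bytes(range(1, 33))


def reverse_name(ip):
    """Owner name an OE initiator queries for a peer's key: the peer's
    reverse-DNS name.  This is why the responder needs a stable, public
    address whose reverse zone it controls (a NAT'd or dynamic host has
    neither)."""
    return ipaddress.ip_address(ip).reverse_pointer


def encode_dns_name(name):
    """Uncompressed wire-format domain name (labels + zero terminator)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not label or len(label) > 63:
            raise ValueError("bad label: %r" % label)
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def decode_dns_name(buf, pos):
    """Parse an uncompressed name at buf[pos:]; returns (name, new_pos)."""
    labels = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated name")
        n = buf[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # RFC 4025: no compression pointers in IPSECKEY RDATA
            raise ValueError("compression pointer not allowed")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n
    return ".".join(labels) + ".", pos


def encode_ipseckey(precedence, gateway_type, algorithm, gateway, pubkey):
    """RFC 4025 RDATA: precedence, gateway type, algorithm, gateway, key.
    Gateway types: 0 none, 1 IPv4, 2 IPv6, 3 domain name.
    Algorithms:    1 DSA, 2 RSA."""
    if gateway_type == 0:
        gw = b""
    elif gateway_type == 1:
        gw = ipaddress.IPv4Address(gateway).packed
    elif gateway_type == 2:
        gw = ipaddress.IPv6Address(gateway).packed
    elif gateway_type == 3:
        gw = encode_dns_name(gateway)
    else:
        raise ValueError("unknown gateway type %r" % gateway_type)
    return struct.pack("!BBB", precedence, gateway_type, algorithm) + gw + pubkey


def decode_ipseckey(rdata):
    """Inverse of encode_ipseckey; raises ValueError on malformed input."""
    if len(rdata) < 3:
        raise ValueError("truncated RDATA")
    precedence, gateway_type, algorithm = struct.unpack("!BBB", rdata[:3])
    pos = 3
    if gateway_type == 0:
        gateway = None
    elif gateway_type in (1, 2):
        width = 4 if gateway_type == 1 else 16
        raw = rdata[pos:pos + width]
        if len(raw) != width:
            raise ValueError("truncated gateway address")
        gateway = str(ipaddress.ip_address(raw))
        pos += width
    elif gateway_type == 3:
        gateway, pos = decode_dns_name(rdata, pos)
    else:
        raise ValueError("unknown gateway type %r" % gateway_type)
    return {"precedence": precedence, "gateway_type": gateway_type,
            "algorithm": algorithm, "gateway": gateway, "pubkey": rdata[pos:]}


def presentation(rec):
    """Zone-file form, e.g. '10 1 2 192.0.2.38 <base64 key>'."""
    gw = "." if rec["gateway"] is None else rec["gateway"]
    key = base64.b64encode(rec["pubkey"]).decode("ascii")
    return "%d %d %d %s %s" % (rec["precedence"], rec["gateway_type"],
                               rec["algorithm"], gw, key)


def lookup_ipseckey(peer_ip, zone):
    """What an OE initiator does before sending the first packet: query
    the peer's reverse name and take the lowest-precedence record.
    `zone` is a constructed stand-in for a resolver (reverse name ->
    list of RDATA).  None means no key: the initiator falls back to
    cleartext, in reality only after the DNS failure or timeout that
    the post calls excessive waiting."""
    rrset = zone.get(reverse_name(peer_ip))
    if not rrset:
        return None
    recs = [decode_ipseckey(r) for r in rrset]
    return min(recs, key=lambda r: r["precedence"])
```

A host behind NAT shows the problem directly: reverse_name("10.0.0.5")
is a name under 10.in-addr.arpa that no public resolver will answer for,
so such a host can never be an OE responder, whatever key it generates.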





More information about the cypherpunks-legacy mailing list