Status of opportunistic encryption

auto37159 at hushmail.com auto37159 at hushmail.com
Tue May 30 07:27:57 PDT 2006


I am also interested in Opportunistic Encryption.  Even if it is
not as secure as a manually configured VPN, I am willing to trade
that for what it does provide.  I have looked at setting up
OpenSWAN in OE mode, but frankly it is daunting even for the
reasonably geeky and far beyond any kind of mass implementation.
Also the DNS requirements make it not a viable solution for the
majority of (dynamic DNS home) users.

It is fairly simple to turn on optional IPsec under Windows, but
then everyone needs to use a common CA (say a Thawte freemail
cert).  This option is far easier to use than setting up openswan
in OE on your router.

I am interested in how Zimmermann's ZRTP accomplishes things,
because he seems to have dropped the explicit need for PSKs or CAs.
If this is really the case, could techniques like this be used for
other types of communication?

For OE to be successful it needs to have a critical mass on the same
(or autoselectable) OE system, usable across OSs, needs to be
painless to install and use, and needs to be included in standard
distros configured by default as ON (say every machine which left
Dell had optional IPsec on (and UDP encapsulation) with a common CA
:).  The necessary critical mass of people won't run OE if it
requires extra effort, assuming they even know of its existence or
what it does.  Skype has achieved something in the encrypted world
because it is on by default.  In my unscientific WAG, more
communication is going over Skype than SRTP, because SRTP is generally
not shipped in a working state and there isn't a one stop CA.

Anytime I have recommended using STARTTLS to my sysadmin friends,
they have always worried about breaking stuff and complained about
needing expensive certs.  I would be willing to take the step of
using a non-authenticated mode (initially), if it would remove some
of these impediments and create widespread use.

There is a Wikipedia entry on OE, but it is quite sparse, so update
it if you have something to add.

rearden


On Fri, 26 May 2006 03:18:59 -0400 Sandy Harris
<sandyinchina at gmail.com> wrote:
>Some years back I worked on the FreeS/WAN project (freeswan.org),
>IPsec for Linux.
>
>One of our goals was to implement "opportunistic encryption", to
>allow any two appropriately set up machines to communicate securely,
>without pre-arrangement between the two system administrators. Put
>authentication keys in DNS; they look those up and can then use IKE
>to do authenticated Diffie-Hellman to create the keys for secure
>links.
>
>Recent news stories seem to me to make it obvious that anyone with
>privacy concerns (i.e. more-or-less everyone) should be encrypting
>as much of their communication as possible. Implementing
>opportunistic encryption is the best way I know of to do that for
>the Internet.
>
>I'm somewhat out of touch, though, so I do not know to what extent
>people are using it now. That is my question here.
>
>I do note that there are some relevant RFCs.
>
>RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE)
>RFC 4025 A Method for Storing IPsec Keying Material in DNS
>
>and that both of FreeS/WAN's successor projects (openswan.org and
>strongswan.org) mention it in their docs. However, I don't know if
>it is actually being used.
>
>--
>Sandy Harris
>Zhuhai, Guangdong, China
>
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
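
Added example, not part of the original messages: a parser for the RDATA of the IPSECKEY record that RFC 4025 (cited in the quoted message) defines, which is the "authentication keys in DNS" lookup step that an opportunistic-encryption client performs before starting IKE. The sample record and its key bytes are constructed for illustration and are not a real key.

```python
import base64
import ipaddress

ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA"}  # RFC 4025 algorithm field

def _read_name(buf, off):
    """Read an uncompressed wire-format domain name, return (name, next_off)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated gateway name")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n > 63 or off + n > len(buf):
            # Lengths above 63 are compression pointers, not allowed here.
            raise ValueError("compressed, invalid or truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def parse_ipseckey(rdata):
    """Parse IPSECKEY RDATA: precedence, gateway type, algorithm, gateway, key."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the 3-byte fixed header")
    precedence, gw_type, alg = rdata[0], rdata[1], rdata[2]
    if alg not in ALGORITHMS:
        raise ValueError("unknown algorithm %d" % alg)
    off = 3
    if gw_type == 0:                      # no gateway
        gateway = None
    elif gw_type in (1, 2):               # IPv4 (4 bytes) or IPv6 (16 bytes)
        size = 4 if gw_type == 1 else 16
        if off + size > len(rdata):
            raise ValueError("truncated gateway address")
        gateway = str(ipaddress.ip_address(rdata[off:off + size]))
        off += size
    elif gw_type == 3:                    # domain name
        gateway, off = _read_name(rdata, off)
    else:
        raise ValueError("unknown gateway type %d" % gw_type)
    key = rdata[off:]
    # Strictness chosen for this example: algorithm 0 means "no key present".
    if (alg == 0) != (len(key) == 0):
        raise ValueError("key presence does not match algorithm field")
    return {"precedence": precedence, "gateway": gateway,
            "algorithm": ALGORITHMS[alg], "public_key": base64.b64encode(key).decode()}

# Constructed sample: precedence 10, IPv4 gateway 192.0.2.38, RSA, placeholder key bytes.
SAMPLE_KEY = bytes(range(1, 17))
SAMPLE = bytes([10, 1, 2]) + bytes([192, 0, 2, 38]) + SAMPLE_KEY
if __name__ == "__main__":
    print(parse_ipseckey(SAMPLE))
```

A record parsed this way is only as trustworthy as the DNS answer that carried it, which is the dependency on DNS the message above points to as the obstacle for most users.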

More information about the cypherpunks-legacy mailing list