potential new IETF WG on anonymous IPSec
Ian Grigg
iang at systemics.com
Wed Sep 15 19:12:54 EDT 2004
Bill Stewart wrote:
> Actually, FreeSWAN's "Opportunistic Encryption" meant
> "if you've got IP traffic for somebody,
> see if they can do encryption with you and use it if you can."
That seems to be the meaning of putting "Opportunistic"
and "Encryption" together.
> Because Gilmore wanted to make sure encryption was always done securely,
> their implementation used a common PKI - DNSSEC and inverse DNS -
> which has the advantage that a security gateway can use it when
> all it knows is the IP address of the destination (which is typically
> the case),
> but the severe disadvantage that very few people have control
> over that DNS space and also that an IP address may belong to more than
> one domain.
>
> There's a significant policy question there - if you don't have
> a common PKI of some sort, is it worthwhile encrypting anyway,
> protecting against passive eavesdroppers but not MITM,
> or is that a false sense of security because the people who
> most need security are the people most likely to have a government
> annoyed enough at them to do the work of running a MITM attack?
> Encryption against passive eavesdroppers makes password-stealing
> and traffic analysis harder, so it's probably worth the risk,
> but that wasn't the choice that FreeSWAM made.
Bill, you have a knack for putting this in context.
Historically, it's possible to see why Gilmore went
with the no-risk security, and reduced deployment of
FreeSWAN by an order of magnitude or more.
But, these days, it seems like a no-brainer: there
is no such thing as an easily accessible trustworthy
PKI. (I am recalled to mind the Hettingarian creed of
"only financial guaruntees are trustworthy guaruntees...")
And, the ones who have a government annoyed at them
probably know they need special care.... I've not met
a revolutionary that didn't know that the government
is shooting at them.
So the question is, how do we get FreeSWAN to use
opportunistic cryptography, sans DNS?
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list