potential new IETF WG on anonymous IPSec

Sandy Harris sandy at storm.ca
Sat Sep 11 16:20:29 EDT 2004


Zooko O'Whielcronx wrote:

> On 2004, Sep 09, , at 16:57, Hal Finney wrote:
> 
>> ... an extension to IPsec to allow for unauthenticated
>> connections.  Presently IPsec relies on either pre-shared secrets or a
>> trusted third party CA to authenticate the connection.

No. It can also use RSA public keys without embedding them in
certificates or requiring a CA, let alone a 3rd party one.

>>  The new proposal
>> would let connections go forward using a straight Diffie-Hellman type
>> exchange without authentication.
> 
> ....
> 
>> I don't think "anonymous" is the right word for this, and I hope the
>> IETF comes up with a better one as they go forward.
> 
Sounds right to me, though "unauthenticated" might be
more precise.

> I believe that in the context of e-mail [1, 2, 3, 4] and FreeSWAN this 
> is called "opportunistic encryption".

That is certainly not what FreeS/WAN meant by "opportunistic encryption".
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/glossary.html#carpediem

OE does authenticate all connections. The trick is that the public keys
are stored in DNS so you do not have to exchange keys with the admin of
a site before you can do secure communications to it.

For this to be secure, you need DNSsec widely deployed. In effect you
are using DNS as a PKI. Without DNSsec, this reduces to something
fairly anonymous -- anyone who can lie in DNS can pretend to be
anyone they choose. However, that was never the design intent of
OE. If you want anonymous connections, there are easier ways.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
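
An added example, not part of the original post or of FreeS/WAN's code: an OE-style key lookup that parses a gateway key from a DNS TXT record and refuses it unless the answer was DNSSEC-validated. The TXT layout (`X-IPsec-Server(precedence)=gateway key`, key in RFC 3110 form) is assumed from RFC 4322; the `dnssec_validated` field, the function names and both sample records are hypothetical and constructed for illustration.

```python
import base64
import ipaddress
import re

# TXT layout assumed from RFC 4322: X-IPsec-Server(precedence)=gateway base64-key
TXT_RE = re.compile(r"^X-IPsec-Server\((\d+)\)=(\S+)\s+(\S+)$")

class UnauthenticatedKey(Exception):
    """The key came from a DNS answer that was not DNSSEC-validated."""

def decode_rfc3110(blob):
    """Split an RFC 3110 RSA key blob into (exponent, modulus)."""
    explen, off = blob[0], 1
    if explen == 0:  # long form: two-byte exponent length follows
        explen, off = int.from_bytes(blob[1:3], "big"), 3
    exponent = int.from_bytes(blob[off:off + explen], "big")
    modulus = int.from_bytes(blob[off + explen:], "big")
    if not exponent or not modulus:
        raise ValueError("truncated RSA key")
    return exponent, modulus

def parse_oe_txt(txt):
    """Parse one TXT string into precedence, gateway and RSA key parts."""
    m = TXT_RE.match(txt.strip())
    if m is None:
        raise ValueError("not an OE TXT record")
    precedence, gateway, key_b64 = m.groups()
    ipaddress.ip_address(gateway)  # this sketch handles IP gateways only
    exponent, modulus = decode_rfc3110(base64.b64decode(key_b64, validate=True))
    return {"precedence": int(precedence), "gateway": gateway,
            "exponent": exponent, "modulus": modulus}

def key_for_peer(answer):
    """Return the peer key only if the resolver validated the answer."""
    record = parse_oe_txt(answer["txt"])
    if not answer["dnssec_validated"]:  # hypothetical flag set by the resolver
        raise UnauthenticatedKey("well-formed key, but nothing vouches for it")
    return record

def _sample_txt(modulus_bytes):  # constructed sample data, not a real key
    blob = bytes([3]) + (65537).to_bytes(3, "big") + modulus_bytes
    return "X-IPsec-Server(10)=192.0.2.11 " + base64.b64encode(blob).decode()

GENUINE = {"txt": _sample_txt(b"\xc1" + bytes(range(1, 64))), "dnssec_validated": True}
FORGED = {"txt": _sample_txt(b"\xd3" + bytes(range(64, 127))), "dnssec_validated": False}

if __name__ == "__main__":
    print(key_for_peer(GENUINE)["gateway"])
```

Both records parse equally well; the only thing separating the genuine key from the substituted one is whether the DNS answer was validated.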