potential new IETF WG on anonymous IPSec

Sam Hartman hartmans at mit.edu
Sun Sep 12 14:45:12 EDT 2004


>>>>> "Zooko" == Zooko O'Whielcronx <zooko at zooko.com> writes:

    Zooko> On 2004, Sep 09, , at 16:57, Hal Finney wrote:
    >> To clarify, this is not really "anonymous" in the usual sense.
    >> Rather it is a proposal for an extension to IPsec to allow for
    >> unauthenticated connections.  Presently IPsec relies on either
    >> pre-shared secrets or a trusted third party CA to authenticate
    >> the connection.  The new proposal would let connections go
    >> forward using a straight Diffie-Hellman type exchange without
    >> authentication.
    Zooko> ...
    >> I don't think "anonymous" is the right word for this, and I
    >> hope the IETF comes up with a better one as they go forward.

    Zooko> I believe that in the context of e-mail [1, 2, 3, 4] and
    Zooko> FreeSWAN this is called "opportunistic encryption".

No.  Opportunistic encryption means I have retrieved a key or cert for
the other party, but do not know whether it is actually the right
cert.  This is slightly different although at the level of current
discussion it has the same security properties.

--Sam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


