potential new IETF WG on anonymous IPSec
Bill Stewart
bill.stewart at pobox.com
Mon Sep 13 15:00:19 EDT 2004
At 11:45 AM 9/12/2004, Sam Hartman wrote:
>No. opportunistic encryption means I have retrieved a key or cert for
>the other party, but do not know whether it is actually the right
>cert. This is slightly different although at the level of current
>discussion it has the same security properties.
Actually, FreeSWAN's "Opportunistic Encryption" meant
"if you've got IP traffic for somebody,
see if they can do encryption with you and use it if you can."
Because Gilmore wanted to make sure encryption was always done securely,
their implementation used a common PKI - DNSSEC and inverse DNS -
which has the advantage that a security gateway can use it when
all it knows is the IP address of the destination (which is typically the
case),
but the severe disadvantage that very few people have control
over that DNS space and also that an IP address may belong to more than one
domain.
There's a significant policy question there - if you don't have
a common PKI of some sort, is it worthwhile encrypting anyway,
protecting against passive eavesdroppers but not MITM,
or is that a false sense of security because the people who
most need security are the people most likely to have a government
annoyed enough at them to do the work of running a MITM attack?
Encryption against passive eavesdroppers makes password-stealing
and traffic analysis harder, so it's probably worth the risk,
but that wasn't the choice that FreeSWAM made.
Bill Stewart bill.stewart at pobox.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list