Status of opportunistic encryption

Florian Weimer fw at deneb.enyo.de
Mon May 29 01:21:29 EDT 2006


* Sandy Harris:

> Recent news stories seem to me to make it obvious that anyone with privacy
> concerns (i.e. more-or-less everyone) should be encrypting as much of their
> communication as possible. Implementing opportunistic encryption is the
> best way I know of to do that for the Internet.
>
> I'm somewhat out of touch, though, so I do not know to what extent people
> are using it now. That is my question here.

It seems to me opportunistic encryption has moved to the application
layer, at least as far as Internet mail is concerned.  Many MTAs use
TLS automatically with whatever certificates they can get.  Of course,
this only guards against active attacks, but it seems to me that this
is a reasonable threat model.  At least it's likely to hide your
important GnuPG-encrypted messages from the casual traffic
analyst. 8->

> and that both of FreeS/WAN's successor projects (openswan.org and
> strongswan.org) mention it in their docs. However, I don't know if it is
> actually being used.

Didn't Openswan announce that opportunistic encryption is deprecated?
My impression was that, according to its creators, Freeswan was mainly
about OE, but people used it as a regular IPsec implementation on
Linux.  Openswan tried to bridge that gap, even while the Freeswan
project itself was still active.

---------------------------------------------------------------------
The Cryptography Mailing List