Status of opportunistic encryption

auto37159 at hushmail.com
Tue May 30 10:27:57 EDT 2006


I am also interested in Opportunistic Encryption.  Even if it is 
not as secure as a manually configured VPN, I am willing to trade 
that for what it does provide.  I have looked at setting up 
OpenSWAN in OE mode, but frankly it is daunting even for the 
reasonably geeky and far beyond any kind of mass implementation.  
Also the DNS requirements make it not a viable solution for the 
majority of (dynamic DNS home) users.

It is fairly simple to turn on optional IPsec under Windows, but 
then everyone needs to use a common CA (say a Thawte freemail 
cert).  This option is far easier to use than setting up OpenSWAN 
in OE on your router.

I am interested in how Zimmermann's ZRTP accomplishes things, 
because he seems to have dropped the explicit need for PSKs or CAs.  
If this is really the case, could techniques like this be used for 
other types of communication?

For OE to be successful it needs to have a critical mass on the same 
(or autoselectable) OE system, usable across OSs, needs to be 
painless to install and use, and needs to be included in standard 
distros configured by default as ON (say every machine which left 
Dell had optional IPsec on (and UDP encapsulation) with a common CA 
:).  The necessary critical mass of people won't run OE if it 
requires extra effort, assuming they even know of its existence or 
what it does.  Skype has achieved something in the encrypted world 
because it is on by default.  In my unscientific WAG, more 
communication is going over Skype than SRTP, because SRTP is generally 
not shipped in a working state and there isn't a one-stop CA.

Anytime I have recommended using STARTTLS to my sysadmin friends, 
they have always worried about breaking stuff and complained about 
needing expensive certs.  I would be willing to take the step of 
using a non-authenticated mode (initially), if it would remove some 
of these impediments and create widespread use.

There is a Wikipedia entry on OE, but it is quite sparse, so update 
it if you have something to add.

rearden


On Fri, 26 May 2006 03:18:59 -0400 Sandy Harris 
<sandyinchina at gmail.com> wrote:
>Some years back I worked on the FreeS/WAN project (freeswan.org),
>IPsec for Linux.
>
>One of our goals was to implement "opportunistic encryption", to
>allow any two appropriately set up machines to communicate securely,
>without pre-arrangement between the two system administrators. Put
>authentication keys in DNS; they look those up and can then use IKE
>to do authenticated Diffie-Hellman to create the keys for secure
>links.
>
>Recent news stories seem to me to make it obvious that anyone with
>privacy concerns (i.e. more-or-less everyone) should be encrypting
>as much of their communication as possible. Implementing
>opportunistic encryption is the best way I know of to do that for
>the Internet.
>
>I'm somewhat out of touch, though, so I do not know to what extent
>people are using it now. That is my question here.
>
>I do note that there are some relevant RFCs.
>
>RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE)
>RFC 4025 A Method for Storing IPsec Keying Material in DNS
>
>and that both of FreeS/WAN's successor projects (openswan.org and
>strongswan.org) mention it in their docs. However, I don't know if
>it is actually being used.
>
>-- 
>Sandy Harris
>Zhuhai, Guangdong, China
>
>-------------------------------------------------------------------
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
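
An added example, not part of either message above: the "authentication keys in DNS" step that the quoted message describes uses the IPSECKEY record of RFC 4025, and this sketch parses that record's RDATA and reports the RSA key size. The function names and the sample record are constructed for illustration and are not taken from FreeS/WAN, Openswan or strongSwan.

```python
import ipaddress

ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA"}  # RFC 4025 algorithm field

def read_name(buf, off):
    """Decode an uncompressed wire-format domain name starting at off."""
    labels = []
    while off < len(buf):
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n > 63 or off + n > len(buf):
            break
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    raise ValueError("malformed gateway name")

def parse_ipseckey(rdata):
    """Return (precedence, gateway, algorithm, key) from IPSECKEY RDATA."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the 3-byte fixed header")
    precedence, gw_type, alg = rdata[:3]
    if gw_type == 0:        # no gateway: the host terminates IPsec itself
        gateway, off = None, 3
    elif gw_type == 1:      # 4-byte IPv4 gateway
        gateway, off = str(ipaddress.IPv4Address(rdata[3:7])), 7
    elif gw_type == 2:      # 16-byte IPv6 gateway
        gateway, off = str(ipaddress.IPv6Address(rdata[3:19])), 19
    elif gw_type == 3:      # gateway given as a domain name
        gateway, off = read_name(rdata, 3)
    else:
        raise ValueError(f"unknown gateway type {gw_type}")
    key = rdata[off:]
    if alg not in ALGORITHMS or (alg == 0) != (len(key) == 0):
        raise ValueError("algorithm and key field disagree")
    return precedence, gateway, ALGORITHMS[alg], key

def rsa_modulus_bits(key):
    """Bit length of an RSA modulus in RFC 3110 format (exponent length first)."""
    off = 3 if key[:1] == b"\x00" else 1   # a zero byte means 2-byte length
    elen = int.from_bytes(key[1:3] if off == 3 else key[:1], "big")
    modulus = key[off + elen:]
    if not modulus:
        raise ValueError("RSA key has no modulus")
    return int.from_bytes(modulus, "big").bit_length()

# Constructed sample: precedence 10, IPv4 gateway, RSA, made-up 1024-bit key.
SAMPLE_KEY = b"\x03\x01\x00\x01" + b"\xc3" + bytes(range(127))
SAMPLE = bytes([10, 1, 2]) + ipaddress.IPv4Address("192.0.2.38").packed + SAMPLE_KEY
```

The parsed key is only as trustworthy as the DNS answer that carried it, so a consumer would check the key size and the integrity of the lookup before handing the key to IKE.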


