[Cryptography] Implementing full Internet IPv6 end-to-end encryption based on Cryptographically Generated Address

Ttttabcd ttttabcd at protonmail.com
Thu Jan 24 00:45:22 EST 2019



> On Sun, 20 Jan 2019, Ttttabcd via cryptography wrote:
>
> > There have been rumors that IPv6 can implement end-to-end encryption of all the Internet based on IPsec, but this is impossible.
> > IPsec is also based on passwords or certificates, and also requires shared secrets.
>
> Note that IPsec supports asymmetric null authentication, which we use
> for Opportunistic IPsec. So in that case, the client authenticates the
> server (eg based on letsencrypt or DNSSEC or otherwise) and the server
> does not authenticate the client. The client remains anonymous at the
> IP layer, similar to how TLS works.
>
> > The problem is that there is no shared secret between us and strangers. Without the secret of sharing, we can't authenticate each other. If this problem is not solved, Internet end-to-end encryption is impossible.
>
> The problem is that a shared secret between strangers doesn't help me
> identifying you from a crowd of strangers. We all have to publish
> some kind of pseudo identity that others need to be able to verify.
>
> > Now we can send the public key to the stranger and sign it with the private key. MITM cannot replace the public key. Because there is a hash of the public key in the IPv6 address, the public key cannot be forged.
>
> Sure, now you might have preventedour connection from a MITM, but how
> do I know you are not the MITM ? Who are you? Who am I? Which two
> parties are trying to communicate? How do you identify these parties
> and how do they identify each other?
>
> If you can answer that, you can answer how to obtain a public key of
> that identity. Be it via DNS FQDN, CAs, blockchain publications, or
> an ad in the New York Times.
>
> > When we communicate with strangers, we can use the following handshaking protocol.
>
> So here, you only accomplish confidentiality toa stranger. But you
> have no idea which stranger.
>
> > 1.  Alice sends the public key, the Diffie-Hellman key, and the signature of the DH-Key with the private key. When Bob receives the message, the public key is verified by CGA. The public key verifies the signature, and DH-Key can be used to generate its own AES password.
>
> What does that public key contain as identifying reference? an email
> address? a Slack handle? A SSN?
>
> Paul

This is to achieve end-to-end encryption without CA.

Prove a specific identity with a specific IPv6 address.

Of course, if you want to implement the HTTPS function, you still need CA.



More information about the cryptography mailing list