[Cryptography] Implementing full Internet IPv6 end-to-end encryption based on Cryptographically Generated Address

Tom Mitchell mitch at niftyegg.com
Thu Jan 24 17:06:38 EST 2019


On Thu, Jan 24, 2019 at 12:21 PM grarpamp <grarpamp at gmail.com> wrote:

> >>> > When we communicate with strangers, we can use the following
> >>> > handshaking protocol.
>
......

> >>>
> >>> So here, you only accomplish confidentiality to a stranger. But you
> >>> have no idea which stranger.
> ...
> > Besides that, anyone who controls some of the BGP tables or routing
> > can be an instance of 2600::c900:9106:adca:dc36 passing identification
> > of your crypto scheme.
>

Not just stranger, strangers.
A given IP address of any type could present data from any of a billion
individuals.
DHCP for IPv4 and IPv6 make IP addresses ephemeral to the point that a
previously established connection cannot be trusted a second time.  DHCP
and friends are not obligated to refresh with the same IP address if I
recall correctly so that dynamic needs to be addressed.

That said, inside a well managed network (local, metropolitan or global)
link encryption has great value but is not sufficient with structured and
unstructured company data and secrets hosted on any specific IP address
(multi interface machines?).

An interesting thought:  A browser has numerous network connections.  Is
there a MAC (mandatory access control) strategy inside any browser that
enforces read/write rules for files, cache, cookies, etc. so
meltedcheese.com cannot interact with Kraftcheese.com and keep some URI
specific durable enough ID/key to pick up when IP addresses change or the
lid of a laptop is closed and opened multiple times?

An application (browser) can attempt this by itself (model as in clay) and
with quality OS support have some chance of durability (cast in bronze) in
the future.

-- 
   T o m    M i t c h e l l