Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] opportunistic encryption with IPv6

Eugen Leitl eugen at leitl.org
Sun Jun 9 10:49:19 PDT 2013


Native IPv6 deployment is on an exponential
track http://www.google.com/ipv6/statistics.html

Unlike IPv4, IPv6 has had encryption as part
of the specs, but no opportunistic ways to
set up an encrypted session.

There have been efforts like
http://www.inrialpes.fr/planete/people/chneuman/OE.html
which did not suffer from scaling issues
of http://en.wikipedia.org/wiki/FreeS/WAN
(no need for additional high threshold of
entry technologies like DNS or PKI) yet never 
achieved critical mass.

In the light of recent IPv6 growth there is
obviously considerable value in *working* IPv6
opportunistic session setups in open source
operating systems (Linux, *BSD) as it would
require active attacks to listen on a
connection (which are expensive and detectable 
in principle) instead of passive and hence 
undetectable traffic interception of cleartext.

Perhaps such a project would be of interest
to some parties on this list.

P.S. A darknet-like approach which also
uses IPv6 (but can tunnel over IPv4) is
http://en.wikipedia.org/wiki/Cjdns



More information about the liberationtech mailing list