Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [ipv6hackers] opportunistic encryption in IPv6

Eugen Leitl eugen at leitl.org
Tue Jun 11 04:03:11 PDT 2013


----- Forwarded message from Jim Small <jim.small at cdw.com> -----

Date: Mon, 10 Jun 2013 23:07:21 +0000
From: Jim Small <jim.small at cdw.com>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
Reply-To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>

Hi Eugen,

I took a quick look at this - a very interesting idea.  I see a few issues that I didn't see answers to:
* Paper references a host using MLD to join an Anycast group - but AFAIK, this is not in the standards (was a draft that appeared to die) and not supported
* Says PKI isn't good, but then uses a form of it as part of the solution

The fundamental challenge for encryption is key distribution and management:
* How do I authenticate the intended recipient(s)?
* How do I distribute a key without letting anyone except the intended recipient(s) get it?
* How do I manage the key to periodically change it while keeping it confidential?
* How do I notify the recipient if the key was compromised or is otherwise invalid?

If this paper addressed this I missed it.  The paper seems to imply that hosts get an RSA key pair but I didn't see how.  If I'm relying on public keys, how do I know they're legitimate?

The other challenge I see with this paper is that the "simple" endpoints must obtain a key pair, configure a CGA, and take explicit action to opt-in to encryption.  Given the target I think this is unlikely to succeed.  I think this is an interesting idea.  For it to have a chance of adoption I think it would have to be transparent to the endpoints.

--Jim


> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-
> bounces at lists.si6networks.com] On Behalf Of Eugen Leitl
> Sent: Monday, June 10, 2013 9:24 AM
> To: ipv6hackers at lists.si6networks.com
> Subject: [ipv6hackers] opportunistic encryption in IPv6
> 
> 
> Any idea why opportunistic encryption for IPv6 (e.g.
> http://www.inrialpes.fr/planete/people/chneuman/OE.html ) was never
> made ready for production?
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the liberationtech mailing list