
[liberationtech] [ipv6hackers] opportunistic encryption in IPv6

Eugen Leitl eugen at
Tue Jun 11 04:25:47 PDT 2013

----- Forwarded message from Owen DeLong <owend at> -----

Date: Mon, 10 Jun 2013 17:02:56 -0700
From: Owen DeLong <owend at>
To: IPv6 Hackers Mailing List <ipv6hackers at>
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
X-Mailer: Apple Mail (2.1499)
Reply-To: IPv6 Hackers Mailing List <ipv6hackers at>

> The fundamental challenge for encryption is key distribution and management:
> * How do I authenticate the intended recipient(s)?

This is a traditional challenge with many traditional solutions, all of which have tradeoffs, especially in M2M communications.

> * How do I distribute a key without letting anyone except the intended recipient(s) get it?

DH pretty well solves this, no?

> * How do I manage the key to periodically change it while keeping it confidential?

Again, DH with PFS makes this a solved problem AFAIK.

> * How do I notify the recipient if the key was compromised or is otherwise invalid?

This doesn't seem all that hard so long as a rekey instruction is built into the protocol. I believe that's already the case with IPSEC SAs, no?

Vs. this paper, I think that opportunistic IPSEC, ala Micr0$0ft's "direct-connect" or whatever they call it product is quite a bit more viable.

It depends on AD as a PKI distribution mechanism for authentication.



----- End forwarded message -----
Eugen* Leitl leitl
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
