Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [ipv6hackers] opportunistic encryption in IPv6

Eugen Leitl eugen at leitl.org
Tue Jun 11 04:25:47 PDT 2013


----- Forwarded message from Owen DeLong <owend at he.net> -----

Date: Mon, 10 Jun 2013 17:02:56 -0700
From: Owen DeLong <owend at he.net>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
X-Mailer: Apple Mail (2.1499)
Reply-To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>

> The fundamental challenge for encryption is key distribution and management:
> * How do I authenticate the intended recipient(s)?

This is a traditional challenge with many traditional solutions, all of which have tradeoffs, especially in M2M communications.

> * How do I distribute a key without letting anyone except the intended recipient(s) get it?

DH pretty well solves this, no?

> * How do I manage the key to periodically change it while keeping it confidential?

Again, DH with PFS makes this a solved problem AFAIK.

> * How do I notify the recipient if the key was compromised or is otherwise invalid?

This doesn't seem all that hard so long as a rekey instruction is built into the protocol. I believe that's already the case with IPSEC SAs, no?

Vs. this paper, I think that opportunistic IPSEC, ala Micr0$0ft's "direct-connect" or whatever they call it product is quite a bit more viable.

It depends on AD as a PKI distribution mechanism for authentication.


Owen

_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the liberationtech mailing list