Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [Freedombox-discuss] BTNS on Freedombox

Eugen Leitl eugen at leitl.org
Wed Jun 12 23:23:28 PDT 2013


Any Debian developers listening?

----- Forwarded message from Jonas Smedegaard <dr at jones.dk> -----

Date: Thu, 13 Jun 2013 01:28:18 +0200
From: Jonas Smedegaard <dr at jones.dk>
To: Eugen Leitl <eugen at leitl.org>, freedombox-discuss at lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] BTNS on Freedombox
User-Agent: alot/0.3.4

Quoting Eugen Leitl (2013-06-12 20:47:07)
> On Wed, Jun 12, 2013 at 07:48:30PM +0200, Jonas Smedegaard wrote:
> > Quoting Eugen Leitl (2013-06-12 17:46:54)
> > > Do you see why IPv4/IPv6 BTNS wouldn't be a good out-of-the box 
> > > feature for the Freedombox?
> > 
> > Uhm, could you please elaborate a bit on that?
> > 
> > "Bitch That Need Slappin'" and "Toolbar Control and Button Styles" 
> > are some of the options coming up when I try figure out the meaning 
> > of that acronym.
> 
> Oh, right. I always thought that acronym was rather unfortunate.
> 
> It's Better Than Nothing Security, http://tools.ietf.org/html/rfc5386 
> an opportunistic encryption IPsec mode that omits authentication, and 
> hence the whole PKI/DNS key publishing overhead.
> 
> The result is resistant to passive taps, but not active (MITM) traffic 
> tampering on the wire (which is great, since latter is expensive, and 
> forces you to show your hand, and hence is detectable in principle, 
> which ups the stakes in the game).
> 
> There are already some implementations, albeit labeled experimental. 
> It could be a low-work way to make a lot of traffic go dark, and annoy 
> some professionals.

Thanks for clarifying.

Sounds cool, but also sounds like something that needs maturing.

FreedomBox is a server engineered by us geeks to be owned fully by 
non-geeks, and therefore have *no* system administrator.  That means 
there is even less room for failure than the servers we run ourselves.

I strongly believe that any and all pieces that we put into FreedomBox 
should already be in common use among geeks.  Eat our own dog food, so 
to speak.  To me that means we can *only* include in FreedomBox what is 
in Debian.

So way forward for this is to get it into Debian.

If it is patches to kernel drivers then work with Linux upstream to get 
the code into mainline branch, as it is highly unlikely that the Debian 
kernel team will be convinced to take the burden of maintaining it on 
their own.

If it is patches to ipsec or another independent tool then file 
bugreports against the relevant package if/when mature enough for 
production use.


Parallel to that, it might make sense already now to jot it onto one of 
the wiki pages for FreedomBox, for tracking its progress.  But beware 
that FreedomBox wiki pages is *not* progress, only monitoring - always 
need action elsewhere to be of use.


Hope that helps,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the liberationtech mailing list