No. Opportunistic encryption means I have retrieved a key or cert for the other party, but do not know whether it is actually the right cert. This is slightly different although at the level of current discussion it has the same security properties.
Actually, FreeSWAN's "Opportunistic Encryption" meant "if you've got IP traffic for somebody, see if they can do encryption with you and use it if you can."
Because Gilmore wanted to make sure encryption was always done securely,
their implementation used a common PKI - DNSSEC and inverse DNS -
which has the advantage that a security gateway can use it when
all it knows is the IP address of the destination (which is typically the case),
but the severe disadvantage that very few people have control
over that DNS space and also that an IP address may belong to more than one domain.
There's a significant policy question there - if you don't have a common PKI of some sort, is it worthwhile encrypting anyway, protecting against passive eavesdroppers but not MITM, or is that a false sense of security because the people who most need security are the people most likely to have a government annoyed enough at them to do the work of running a MITM attack? Encryption against passive eavesdroppers makes password-stealing and traffic analysis harder, so it's probably worth the risk, but that wasn't the choice that FreeSWAN made.
Bill Stewart [EMAIL PROTECTED]
