----- Forwarded message from Jim Small <jim.sm...@cdw.com> -----

Date: Mon, 10 Jun 2013 23:07:21 +0000
From: Jim Small <jim.sm...@cdw.com>
To: IPv6 Hackers Mailing List <ipv6hack...@lists.si6networks.com>
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
Reply-To: IPv6 Hackers Mailing List <ipv6hack...@lists.si6networks.com>

Hi Eugen,

I took a quick look at this - a very interesting idea.  I see a few issues that 
I didn't see answers to:
* Paper references a host using MLD to join an Anycast group - but AFAIK, this 
is not in the standards (was a draft that appeared to die) and not supported
* Says PKI isn't good, but then uses a form of it as part of the solution

The fundamental challenge for encryption is key distribution and management:
* How do I authenticate the intended recipient(s)?
* How do I distribute a key without letting anyone except the intended 
recipient(s) get it?
* How do I manage the key to periodically change it while keeping it 
confidential?
* How do I notify the recipient if the key was compromised or is otherwise 
invalid?

If this paper addressed this I missed it.  The paper seems to imply that hosts 
get an RSA key pair but I didn't see how.  If I'm relying on public keys, how 
do I know they're legitimate?

The other challenge I see with this paper is that the "simple" endpoints must 
obtain a key pair, configure a CGA, and take explicit action to opt-in to 
encryption.  Given the target I think this is unlikely to succeed.  I think 
this is an interesting idea.  For it to have a chance of adoption I think it 
would have to be transparent to the endpoints.

--Jim
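
To weigh Jim's point that endpoints must "obtain a key pair, configure a CGA" against his question "how do I know they're legitimate?", it helps to see the address-to-key binding itself. This is an added example, not code from the thread or from the paper it discusses: a simplified RFC 3972 CGA generator and verifier in Python (no extension fields; the DER-encoded RSA public key is a constructed placeholder and the 2001:db8::/64 prefix is assumed). It shows that a CGA lets a peer prove an address was derived from a given key, but says nothing about who holds that key, which is exactly the authentication gap raised above.

```python
import hashlib
import ipaddress
import os

# Constructed placeholder standing in for the DER-encoded RSA public key;
# CGA hashes the encoded key as opaque bytes, so any bytes exercise the logic.
FAKE_PUBKEY_DER = b"\x30\x0d" + bytes(range(13))
PREFIX = ipaddress.IPv6Network("2001:db8::/64").network_address.packed[:8]


def _hash1(modifier, prefix, collision_count, pubkey):
    # Hash1: leftmost 64 bits of SHA-1(modifier | prefix | collision count | key)
    data = modifier + prefix + bytes([collision_count]) + pubkey
    return bytearray(hashlib.sha1(data).digest()[:8])


def _hash2_ok(modifier, pubkey, sec):
    # Hash2: leftmost 112 bits of SHA-1(modifier | 9 zero bytes | key);
    # its leftmost 16*sec bits must be zero (the brute-force work factor)
    h2 = hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()[:14]
    return int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0


def _set_fixed_bits(iid, sec):
    # Bits 0-2 of the interface identifier carry Sec; bits 6-7 (u/g) are zero
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return bytes(iid)


def generate_cga(prefix, pubkey, sec=0, collision_count=0):
    """Return (IPv6Address, modifier) for this prefix/key pair."""
    assert len(prefix) == 8 and 0 <= sec <= 7 and collision_count <= 2
    modifier = os.urandom(16)
    while not _hash2_ok(modifier, pubkey, sec):  # only loops when sec > 0
        modifier = os.urandom(16)
    iid = _set_fixed_bits(_hash1(modifier, prefix, collision_count, pubkey), sec)
    return ipaddress.IPv6Address(prefix + iid), modifier


def verify_cga(addr, modifier, collision_count, pubkey):
    """True if addr is the CGA for this key and these CGA parameters."""
    if collision_count > 2:
        return False
    raw = addr.packed
    prefix, iid = raw[:8], raw[8:]
    sec = iid[0] >> 5
    expected = _set_fixed_bits(_hash1(modifier, prefix, collision_count, pubkey), sec)
    return expected == iid and _hash2_ok(modifier, pubkey, sec)
```

Verification only confirms that the address and the key match under the supplied parameters; the key's owner still has to be established separately (a certificate, a trusted directory, or out-of-band).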


> -----Original Message-----
> From: ipv6hackers-boun...@lists.si6networks.com [mailto:ipv6hackers-
> boun...@lists.si6networks.com] On Behalf Of Eugen Leitl
> Sent: Monday, June 10, 2013 9:24 AM
> To: ipv6hack...@lists.si6networks.com
> Subject: [ipv6hackers] opportunistic encryption in IPv6
> 
> 
> Any idea why opportunistic encryption for IPv6 (e.g.
> http://www.inrialpes.fr/planete/people/chneuman/OE.html ) was never
> made ready for production?
> _______________________________________________
> Ipv6hackers mailing list
> ipv6hack...@lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org