Any Debian developers listening?

----- Forwarded message from Jonas Smedegaard <d...@jones.dk> -----

Date: Thu, 13 Jun 2013 01:28:18 +0200
From: Jonas Smedegaard <d...@jones.dk>
To: Eugen Leitl <eu...@leitl.org>, freedombox-disc...@lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] BTNS on Freedombox
User-Agent: alot/0.3.4

Quoting Eugen Leitl (2013-06-12 20:47:07)
> On Wed, Jun 12, 2013 at 07:48:30PM +0200, Jonas Smedegaard wrote:
> > Quoting Eugen Leitl (2013-06-12 17:46:54)
> > > Do you see why IPv4/IPv6 BTNS wouldn't be a good out-of-the box
> > > feature for the Freedombox?
> >
> > Uhm, could you please elaborate a bit on that?
> >
> > "Bitch That Need Slappin'" and "Toolbar Control and Button Styles"
> > are some of the options coming up when I try to figure out the meaning
> > of that acronym.
>
> Oh, right. I always thought that acronym was rather unfortunate.
>
> It's Better Than Nothing Security, http://tools.ietf.org/html/rfc5386
> an opportunistic encryption IPsec mode that omits authentication, and
> hence the whole PKI/DNS key publishing overhead.
>
> The result is resistant to passive taps, but not active (MITM) traffic
> tampering on the wire (which is great, since the latter is expensive, and
> forces you to show your hand, and hence is detectable in principle,
> which ups the stakes in the game).
>
> There are already some implementations, albeit labeled experimental.
> It could be a low-work way to make a lot of traffic go dark, and annoy
> some professionals.

Thanks for clarifying. Sounds cool, but also sounds like something that needs maturing.

FreedomBox is a server engineered by us geeks to be owned fully by non-geeks, and therefore have *no* system administrator. That means there is even less room for failure than the servers we run ourselves.

I strongly believe that any and all pieces that we put into FreedomBox should already be in common use among geeks. Eat our own dog food, so to speak.

To me that means we can *only* include in FreedomBox what is in Debian.

So the way forward for this is to get it into Debian.

If it is patches to kernel drivers then work with Linux upstream to get the code into mainline branch, as it is highly unlikely that the Debian kernel team will be convinced to take the burden of maintaining it on their own.

If it is patches to ipsec or another independent tool then file bug reports against the relevant package if/when mature enough for production use.

Parallel to that, it might make sense already now to jot it onto one of the wiki pages for FreedomBox, for tracking its progress. But beware that FreedomBox wiki pages are *not* progress, only monitoring - always need action elsewhere to be of use.

Hope that helps,

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5