[liberationtech] opportunistic encryption with IPv6
Eugen Leitl
eugen at leitl.org
Sun Jun 9 10:49:19 PDT 2013

Native IPv6 deployment is on an exponential
track http://www.google.com/ipv6/statistics.html

Unlike IPv4, IPv6 has had encryption as part
of the specs, but no opportunistic ways to
set up an encrypted session.

There have been efforts like
http://www.inrialpes.fr/planete/people/chneuman/OE.html
which did not suffer from scaling issues
of http://en.wikipedia.org/wiki/FreeS/WAN
(no need for additional high threshold of
entry technologies like DNS or PKI) yet never
achieved critical mass.

In the light of recent IPv6 growth there is
obviously considerable value in *working* IPv6
opportunistic session setups in open source
operating systems (Linux, *BSD) as it would
require active attacks to listen on a
connection (which are expensive and detectable
in principle) instead of passive and hence
undetectable traffic interception of cleartext.

Perhaps such a project would be of interest
to some parties on this list.

P.S. A darknet-like approach which also
uses IPv6 (but can tunnel over IPv4) is
http://en.wikipedia.org/wiki/Cjdns