[liberationtech] [ipv6hackers] opportunistic encryption in IPv6
Eugen Leitl
eugen at leitl.org
Tue Jun 11 04:25:47 PDT 2013
----- Forwarded message from Owen DeLong <owend at he.net> -----
Date: Mon, 10 Jun 2013 17:02:56 -0700
From: Owen DeLong <owend at he.net>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
X-Mailer: Apple Mail (2.1499)
Reply-To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> The fundamental challenge for encryption is key distribution and management:
> * How do I authenticate the intended recipient(s)?
This is a traditional challenge with many traditional solutions, all of which have tradeoffs, especially in M2M communications.
> * How do I distribute a key without letting anyone except the intended recipient(s) get it?
DH pretty well solves this, no?
> * How do I manage the key to periodically change it while keeping it confidential?
Again, DH with PFS makes this a solved problem AFAIK.
> * How do I notify the recipient if the key was compromised or is otherwise invalid?
This doesn't seem all that hard so long as a rekey instruction is built into the protocol. I believe that's already the case with IPSEC SAs, no?
Vs. this paper, I think that opportunistic IPSEC, à la Micr0$0ft's "direct-connect" or whatever they call it product is quite a bit more viable.
It depends on AD as a PKI distribution mechanism for authentication.
Owen
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers
----- End forwarded message -----
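The thread above treats ephemeral DH with perfect forward secrecy plus an in-protocol rekey as the "solved" part of the problem, and the authentication of the peer (which Owen delegates to AD/PKI) as the hard part. The following example, added here and not part of the forwarded message or of any product mentioned in it, puts those pieces together in standard-library Python: each epoch runs a fresh ephemeral DH exchange, the public values are authenticated with a long-term key, and the ephemeral exponent is discarded as soon as the session key is derived, so a later compromise of the long-term key cannot recover past session keys. It assumes a pre-shared long-term HMAC key as a stand-in for the AD/PKI authentication the thread mentions, and generates a small (64-bit) safe-prime group so it runs instantly; real deployments use the standardized large MODP groups instead.

```python
import hashlib
import hmac
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (enough for a demo group)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_group(bits: int = 64):
    """Return (p, g): a safe prime p = 2q+1 and a generator of its order-q subgroup.

    Demo-scale group (assumption: deployments use standardized 2048-bit+ groups).
    """
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    # Any quadratic residue other than 1 generates the order-q subgroup; 4 = 2^2 always does.
    return p, 4


class Party:
    """One endpoint: long-term authentication key plus a per-epoch ephemeral exponent."""

    def __init__(self, name: str, p: int, g: int, psk: bytes):
        self.name, self.p, self.g = name, p, g
        self.psk = psk        # long-term key; stand-in for AD/PKI-backed identity (assumption)
        self._x = None        # ephemeral private exponent, lives for exactly one epoch
        self.keys = []        # derived session keys, kept only so the demo can inspect them

    def _tag(self, who: str, epoch: int, pub: int) -> bytes:
        return hmac.new(self.psk, f"{who}|{epoch}|{pub}".encode(), hashlib.sha256).digest()

    def start_epoch(self, epoch: int):
        """Pick a fresh ephemeral exponent; return the authenticated public value."""
        self._x = secrets.randbelow(self.p - 3) + 2
        pub = pow(self.g, self._x, self.p)
        return pub, self._tag(self.name, epoch, pub)

    def finish_epoch(self, peer: str, peer_pub: int, peer_tag: bytes, epoch: int) -> bytes:
        """Verify the peer's value, derive the epoch key, then forget the exponent (PFS)."""
        if not hmac.compare_digest(self._tag(peer, epoch, peer_pub), peer_tag):
            raise ValueError("peer public value failed authentication")
        # Reject values outside the prime-order subgroup (small-subgroup / trivial-key check).
        if not 1 < peer_pub < self.p - 1 or pow(peer_pub, (self.p - 1) // 2, self.p) != 1:
            raise ValueError("peer public value is not in the prime-order subgroup")
        shared = pow(peer_pub, self._x, self.p)
        nbytes = (self.p.bit_length() + 7) // 8
        key = hashlib.sha256(b"dh-rekey-demo|" + epoch.to_bytes(4, "big")
                             + shared.to_bytes(nbytes, "big")).digest()
        self._x = None        # the rekey instruction's real payoff: old exponents are gone
        self.keys.append(key)
        return key


def run_session(epochs: int = 3, bits: int = 64):
    """Run `epochs` rekey rounds between two parties sharing a long-term key."""
    p, g = generate_group(bits)
    psk = secrets.token_bytes(32)
    alice, bob = Party("alice", p, g, psk), Party("bob", p, g, psk)
    for epoch in range(epochs):
        pub_a, tag_a = alice.start_epoch(epoch)
        pub_b, tag_b = bob.start_epoch(epoch)
        alice.finish_epoch("bob", pub_b, tag_b, epoch)
        bob.finish_epoch("alice", pub_a, tag_a, epoch)
    return alice, bob


def forged_share_is_rejected(bits: int = 64) -> bool:
    """A party without the long-term key cannot get its DH value accepted."""
    p, g = generate_group(bits)
    alice = Party("alice", p, g, secrets.token_bytes(32))
    mallory = Party("mallory", p, g, secrets.token_bytes(32))   # different long-term key
    alice.start_epoch(0)
    pub_m, tag_m = mallory.start_epoch(0)
    try:
        alice.finish_epoch("bob", pub_m, tag_m, 0)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    a, b = run_session()
    print("keys agree:", a.keys == b.keys, "| distinct per epoch:", len(set(a.keys)) == len(a.keys))
    print("forged share rejected:", forged_share_is_rejected())
```

Both parties end each epoch holding the same key and no ephemeral exponent; the long-term key only ever signs public values, so it authenticates peers without being able to decrypt anything. The subgroup membership check is the detail most often dropped from "DH solves it" sketches.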
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5