[liberationtech] [ipv6hackers] opportunistic encryption in IPv6
Eugen Leitl
eugen at leitl.org
Tue Jun 11 06:43:58 PDT 2013
----- Forwarded message from Mark Smith <markzzzsmith at yahoo.com.au> -----
Date: Mon, 10 Jun 2013 21:10:06 -0700 (PDT)
From: Mark Smith <markzzzsmith at yahoo.com.au>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
X-Mailer: YahooMailWebService/0.8.146.552
Reply-To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
----- Original Message -----
> From: Jim Small <jim.small at cdw.com>
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> Cc:
> Sent: Tuesday, 11 June 2013 11:02 AM
> Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
>
> Hi Owen,
>
>> > The fundamental challenge for encryption is key distribution and
>> management:
>> > * How do I authenticate the intended recipient(s)?
>>
>> This is a traditional challenge with many traditional solutions, all of
> which have
>> tradeoffs, especially in M2M communications.
>>
>> > * How do I distribute a key without letting anyone except the intended
>> recipient(s) get it?
>>
>> DH pretty well solves this, no?
>
> Yes and no. DH is a good answer, but IKE/IPsec still requires pre-shared keys
> or RSA key pairs to start with.
Don't think so anymore.
"Better-Than-Nothing Security: An Unauthenticated Mode of IPsec"
http://tools.ietf.org/html/rfc5386
Don't know if there are any implementations available.
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the liberationtech
mailing list