[ipv6hackers] opportunistic encryption in IPv6

Mark Smith markzzzsmith at yahoo.com.au
Tue Jun 11 06:10:06 CEST 2013





----- Original Message -----
> From: Jim Small <jim.small at cdw.com>
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> Cc: 
> Sent: Tuesday, 11 June 2013 11:02 AM
> Subject: Re: [ipv6hackers] opportunistic encryption in IPv6
> 
> Hi Owen,
> 
>>  > The fundamental challenge for encryption is key distribution and
>>  management:
>>  > * How do I authenticate the intended recipient(s)?
>> 
>>  This is a traditional challenge with many traditional solutions, all of 
> which have
>>  tradeoffs, especially in M2M communications.
>> 
>>  > * How do I distribute a key without letting anyone except the intended
>>  recipient(s) get it?
>> 
>>  DH pretty well solves this, no?
> 
> Yes and no.  DH is a good answer, but IKE/IPsec still requires pre-shared keys 
> or RSA key pairs to start with.

Don't think so anymore.

"Better-Than-Nothing Security: An Unauthenticated Mode of IPsec"
http://tools.ietf.org/html/rfc5386


Don't know if there are any implementations available.



More information about the Ipv6hackers mailing list