[ipv6hackers] opportunistic encryption in IPv6
jim.small at cdw.com
Tue Jun 11 06:27:33 CEST 2013
> >> > The fundamental challenge for encryption is key distribution and
> >> management:
> >> > * How do I authenticate the intended recipient(s)?
> >> > * How do I distribute a key without letting anyone except the
> >> intended recipient(s) get it?
> >> DH pretty well solves this, no?
> > Yes and no. DH is a good answer, but IKE/IPsec still requires
> > pre-shared keys or RSA key pairs to start with.
> Don't think so anymore.
> "Better-Than-Nothing Security: An Unauthenticated Mode of IPsec"
Thanks - I was not aware of that. So BTNS is interesting - but it doesn't solve the above problems. Per the RFC, BTNS doesn't authenticate peers. It would seem that secure key distribution (maintain confidentiality, integrity, and authentication) remains a vexing problem.
Here's an interesting question more relevant to the list and the paper though - are IPv6 CGAs useful? It seems like SeND is dead. But does anyone on the list think that CGAs could provide a useful competitive advantage for IPv6 over IPv4? Are these a useful building block? One thing I wonder about is a 64 bit hash is pretty small - I wonder if that is sufficiently complex to provide security for the coming decade+? PKI CAs using SCEP for enrollment/management work pretty well. If you could get a key pair from DHCP or as a function of using a directory service, use it to generate a CGA, and then use that just for authentication it would already be fantastic. Just being confident that an address is authentic and not spoofed is a huge improvement over the current state for Internet security.
More information about the Ipv6hackers