[ipv6hackers] opportunistic encryption in IPv6

Eugen Leitl eugen at leitl.org
Wed Jun 12 17:16:02 CEST 2013

On Wed, Jun 12, 2013 at 02:30:03PM +0000, Jim Small wrote:

> > If we want to increase deployment rate, it should be easier in the residential
> > or enterprise firewall (e.g. rolling it into OpenWRT or pfSense).
> I see where you're going, but from reviewing the proposal it would 
> seem to require setup on the endpoint.  If setup is required, why 

In case of cheap consumer "routers" running OpenWRT the actual
setup is minimal (or none, in case you happen to have DHCP).
So if you had BTNS activated out of the box, or available
as a tickbox, that would considerably ease deployment.
Use of BTNS would be transparent for all devices behind
the consumer NAT box, requiring zero administration on
each device. Am I misunderstanding something, or is this
essentially correct?

How much latency penalty does BTNS add to your session, both
for cases where the opposite system supports BTNS and
when it does? Is there a significant difference between
IPv4 and IPv6 here, or is that below detectability threshold
(say, <5 ms added).

> not just do OE from the endpoint?  I don't see how a gateway is 
> making it easier in this case - if anything it seems like the gateways add more complexity.

I'm probably just using the wrong term.

Thanks lots, for some reason OE and BTNS have slipped my mind
for a while.

