[ipv6hackers] opportunistic encryption in IPv6

Eugen Leitl eugen at leitl.org
Wed Jun 12 18:06:36 CEST 2013

On Wed, Jun 12, 2013 at 09:34:11AM -0700, Tim wrote:

> Here, I just don't understand the logic.  To me, encrypting without
> authenticating buys you absolutely nothing, except to burn CPU cycles
> and contribute to global warming.  In the *vast* majority of
> networking technology we use, modifying data in transit is just as
> easy as passively reading data in transit, within a constant factor.
> (That is, in a big-O sense, these are the same difficulty.)

There is a very important use case for a passive global adversary
where adding active MITM at the core (at full wire speed,
potentially deep underwater so limited on space and power
budget) a) makes it considerably more expensive, possibly prohibitively so,
and b) makes tampering in transit fundamentally detectable,
since it is no longer passive.

I realize that this is a very poor match for enterprise users.

> SOOOO many different attempts at creating encryption protocols have
> utterly failed, and in most cases, it is because the designers have
> put the cart before the horse.  They've started with the easy
> encryption problem rather than addressing the hard authentication
> problem.

I think that the hard problem is sufficiently hard so it needs
to be pushed back. As soon as you add key management and
lookup, especially over-the-network lookup, it's starting to get
both complex and expensive. It's probably easier at higher layers,
up to the application layer.
