[ipv6hackers] [Freedombox-discuss] BTNS on Freedombox
Eugen Leitl
eugen at leitl.org
Thu Jun 13 08:23:28 CEST 2013
Any Debian developers listening?
----- Forwarded message from Jonas Smedegaard <dr at jones.dk> -----
Date: Thu, 13 Jun 2013 01:28:18 +0200
From: Jonas Smedegaard <dr at jones.dk>
To: Eugen Leitl <eugen at leitl.org>, freedombox-discuss at lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] BTNS on Freedombox
User-Agent: alot/0.3.4
Quoting Eugen Leitl (2013-06-12 20:47:07)
> On Wed, Jun 12, 2013 at 07:48:30PM +0200, Jonas Smedegaard wrote:
> > Quoting Eugen Leitl (2013-06-12 17:46:54)
> > > Do you see why IPv4/IPv6 BTNS wouldn't be a good out-of-the box
> > > feature for the Freedombox?
> >
> > Uhm, could you please elaborate a bit on that?
> >
> > "Bitch That Need Slappin'" and "Toolbar Control and Button Styles"
> > are some of the options coming up when I try to figure out the meaning
> > of that acronym.
>
> Oh, right. I always thought that acronym was rather unfortunate.
>
> It's Better Than Nothing Security, http://tools.ietf.org/html/rfc5386
> an opportunistic encryption IPsec mode that omits authentication, and
> hence the whole PKI/DNS key publishing overhead.
>
> The result is resistant to passive taps, but not active (MITM) traffic
> tampering on the wire (which is great, since the latter is expensive, and
> forces you to show your hand, and hence is detectable in principle,
> which ups the stakes in the game).
>
> There are already some implementations, albeit labeled experimental.
> It could be a low-work way to make a lot of traffic go dark, and annoy
> some professionals.

Thanks for clarifying.

Sounds cool, but also sounds like something that needs maturing.

FreedomBox is a server engineered by us geeks to be owned fully by
non-geeks, and therefore have *no* system administrator. That means
there is even less room for failure than the servers we run ourselves.

I strongly believe that any and all pieces that we put into FreedomBox
should already be in common use among geeks. Eat our own dog food, so
to speak. To me that means we can *only* include in FreedomBox what is
in Debian.

So the way forward for this is to get it into Debian.

If it is patches to kernel drivers then work with Linux upstream to get
the code into the mainline branch, as it is highly unlikely that the Debian
kernel team will be convinced to take the burden of maintaining it on
their own.

If it is patches to ipsec or another independent tool then file
bug reports against the relevant package if/when mature enough for
production use.

Parallel to that, it might make sense already now to jot it onto one of
the wiki pages for FreedomBox, for tracking its progress. But beware
that FreedomBox wiki pages are *not* progress, only monitoring - always
need action elsewhere to be of use.

Hope that helps,

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5