[ipv6hackers] [liberationtech] [Freedombox-discuss] BTNS on Freedombox

Eugen Leitl eugen at leitl.org
Thu Jun 13 11:09:38 CEST 2013


On Thu, Jun 13, 2013 at 08:23:28AM +0200, Eugen Leitl wrote:
> 
> Any Debian developers listening?

I've been pointed towards the procedure for inclusion
in Debian off-list and would like to help to make it
happen.

Can someone in the know point me towards the
closest to production-ready implementation of BTNS or
BTNS-like opportunistic encryption (i.e. not
Freeswan) for Linux or *BSD? Thanks lots.
 
> ----- Forwarded message from Jonas Smedegaard <dr at jones.dk> -----
> 
> Date: Thu, 13 Jun 2013 01:28:18 +0200
> From: Jonas Smedegaard <dr at jones.dk>
> To: Eugen Leitl <eugen at leitl.org>, freedombox-discuss at lists.alioth.debian.org
> Subject: Re: [Freedombox-discuss] BTNS on Freedombox
> User-Agent: alot/0.3.4
> 
> Quoting Eugen Leitl (2013-06-12 20:47:07)
> > On Wed, Jun 12, 2013 at 07:48:30PM +0200, Jonas Smedegaard wrote:
> > > Quoting Eugen Leitl (2013-06-12 17:46:54)
> > > > Do you see why IPv4/IPv6 BTNS wouldn't be a good out-of-the box 
> > > > feature for the Freedombox?
> > > 
> > > Uhm, could you please elaborate a bit on that?
> > > 
> > > "Bitch That Need Slappin'" and "Toolbar Control and Button Styles" 
> > > are some of the options coming up when I try to figure out the meaning 
> > > of that acronym.
> > 
> > Oh, right. I always thought that acronym was rather unfortunate.
> > 
> > It's Better Than Nothing Security, http://tools.ietf.org/html/rfc5386 
> > an opportunistic encryption IPsec mode that omits authentication, and 
> > hence the whole PKI/DNS key publishing overhead.
> > 
> > The result is resistant to passive taps, but not active (MITM) traffic 
> > tampering on the wire (which is great, since the latter is expensive, and 
> > forces you to show your hand, and hence is detectable in principle, 
> > which ups the stakes in the game).
> > 
> > There are already some implementations, albeit labeled experimental. 
> > It could be a low-work way to make a lot of traffic go dark, and annoy 
> > some professionals.
> 
> Thanks for clarifying.
> 
> Sounds cool, but also sounds like something that needs maturing.
> 
> FreedomBox is a server engineered by us geeks to be owned fully by 
> non-geeks, and therefore have *no* system administrator.  That means 
> there is even less room for failure than the servers we run ourselves.
> 
> I strongly believe that any and all pieces that we put into FreedomBox 
> should already be in common use among geeks.  Eat our own dog food, so 
> to speak.  To me that means we can *only* include in FreedomBox what is 
> in Debian.
> 
> So way forward for this is to get it into Debian.
> 
> If it is patches to kernel drivers then work with Linux upstream to get 
> the code into mainline branch, as it is highly unlikely that the Debian 
> kernel team will be convinced to take the burden of maintaining it on 
> their own.
> 
> If it is patches to ipsec or another independent tool then file 
> bug reports against the relevant package if/when mature enough for 
> production use.
> 
> 
> Parallel to that, it might make sense already now to jot it onto one of 
> the wiki pages for FreedomBox, for tracking its progress.  But beware 
> that FreedomBox wiki pages are *not* progress, only monitoring - always 
> need action elsewhere to be of use.
> 
> 
> Hope that helps,
> 
>  - Jonas
> 
> -- 
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
> 
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private
> 
> 
> 
> ----- End forwarded message -----
> -- 
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
> AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


