[ipv6hackers] opportunistic encryption in IPv6

S.P.Zeidler spz at serpens.de
Fri Jun 14 10:05:30 CEST 2013


Thus wrote Tim (tim-security at sentinelchicken.org):

> Here, I just don't understand the logic.  To me, encrypting without
> authenticating buys you absolutely nothing, except to burn CPU cycles
> and contribute to global warming.

Yes and no; if we had long sessions that weren't encrypted anyway,
it might help you detect that someone has started to MitM your
existing conversation.
Given that long term sessions are the exception rather than the norm,
that will not often be the case though.

Also I wonder what traffic exactly is supposed to get opportunistically
encrypted that isn't encrypted or at least encryptable already?

>   - The act of communicating with a node causes their key (or CA's
>     key) to be signed and that signature to be published
>     automatically.  The logic is, if you trusted a node's identity
>     once, then you should share the knowledge of that trust. This
>     publishing process needs to be anonymized somehow.  There needs to
>     be incentives for publishing (think bitcoin).

So if I visit a URL promising "cute kittens!", I endorse the identity of
the site? Even though I don't care a fig's leaf about the site identity?
That does not seem particularly wise to me.

spz at serpens.de (S.P.Zeidler)
