Zooko O'Whielcronx wrote:
On 2004, Sep 09, at 16:57, Hal Finney wrote:
... an extension to IPsec to allow for unauthenticated
connections. Presently IPsec relies on either pre-shared secrets or a
trusted third party CA to authenticate the connection.

No. It can also use RSA public keys without embedding them in
certificates or requiring a CA, let alone a 3rd party one.

The new proposal
would let connections go forward using a straight Diffie-Hellman type
exchange without authentication.
....
I don't think "anonymous" is the right word for this, and I hope the
IETF comes up with a better one as they go forward.

Sounds right to me, though "unauthenticated" might be
more precise.

I believe that in the context of e-mail [1, 2, 3, 4] and FreeSWAN this
is called "opportunistic encryption".

That is certainly not what FreeS/WAN meant by "opportunistic encryption".
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/glossary.html#carpediem
OE does authenticate all connections. The trick is that the public keys
are stored in DNS so you do not have to exchange keys with the admin of
a site before you can do secure communications to it.
For this to be secure, you need DNSsec widely deployed. In effect you
are using DNS as a PKI. Without DNSsec, this reduces to something
fairly anonymous -- anyone who can lie in DNS can pretend to be
anyone they choose. However, that was never the design intent of
OE. If you want anonymous connections, there are easier ways.