Status of opportunistic encryption

I am also interested in Opportunistic Encryption.  Even if
it is 
not as secure as a manually configured VPN, I am willing to
trade 
that for what it does provide.  I have looked at setting up 
OpenSWAN in OE mode, but frankly it is daunting even for the

reasonably geeky and far beyond any kind of mass
implementation.  
Also the DNS requirements make it not a viable solution for
the 
majority of (dynamic DNS home) users.

It is fairly simple to turn on optional IPsec under windows,
but 
then everyone needs to use a common CA (say a thawate
freemail 
cert).  This option is far easier to use than setting up
openswan 
in OE on your router.

I am interested in how Zimmermann's ZRTP accomplishes
things, 
because he seems to have dropped the explicit need for PSKs
or CAs. 
 If this is really the case, could techniques like this be
used for 
other types of communication?

For OE to be sucessful it needs to have a critical mass on
the same 
(or autoselectable) OE system, useable across OSs, needs to
be 
painless to install and use, and needs to be included in
standard 
distros configured by default as ON (say every machine which
left 
dell had optional ipsec on (and UDP encapsulation) with a
common CA 
.  The
necessary critical mass of people won't run OE if it 
requires extra effort assuming they even know of it's
existance or 
what it does.  Skype has achieved something in the encrypted
world 
because it is on by default.  In my unscientific WAG, more 
communication going over skype than SRTP, because SRTP is
generally 
not shipped in a working state and there isn't a one stop
CA.

Anytime I have recommended using STARTTLS to my sysadmin
friends, 
they have always worried about breaking stuff and complained
about 
needed expensive certs.  I would be willing to take the step
of 
using a non authenticated mode (initially), if it would
remove some 
of these impediments and create widespread use.

There is a wikipedia entry on OE, but it is quite sparse, so
update 
it if you have something to add.

rearden


On Fri, 26 May 2006 03:18:59 -0400 Sandy Harris 
<sandyinchinagmail.com> wrote:
>Some years back I worked on the FreeS/WAN project
(freeswan.org),
>IPsec for Linux.
>
>One of our goals was to implement "opportunistic
encryption", to 
>allow any two
>appropriately set up machines to communicate securely,
without pre-
>arrangement
>between the two system administrators. Put
authentication keys in 
>DNS; they
>look those up and can then use IKE to do authenticated
Diffie-
>Hellman to create
>the keys for secure links.
>
>Recent news stories seem to me to make it obvious that
anyone with 
>privacy
>concerns (i.e. more-or-less everyone) should be
encrypting as much 
>of their
>communication as possible. Implementing opportunistic
encryption 
>is the
>best way I know of to do that for the Internet.
>
>I'm somewhat out of touch, though, so I do not know to
what extent 
>people
>are using it now. That is my question here.
>
>I do note that there are some relevant RFCs.
>
>RFC 4322 Opportunistic Encryption using the Internet Key
Exchange 
>(IKE)
>RFC 4025 A Method for Storing IPsec Keying Material in
DNS
>
>and that both of FreeS/WAN's successor projects
(openswan.org and
>strongswan.org) mention it in their docs. However, I
don't know if 
>it
>actually being used.
>
>-- 
>Sandy Harris
>Zhuhai, Guangdong, China
>
>--------------------------------------------------------
-----------
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

<auto37159hushmail.com> writes:

>I am also interested in Opportunistic Encryption.  Even
if it is not as
>secure as a manually configured VPN, I am willing to
trade that for what it
>does provide.  I have looked at setting up OpenSWAN in
OE mode, but frankly
>it is daunting even for the reasonably geeky and far
beyond any kind of mass
>implementation.

Grab OpenVPN (which is what OpenSWAN should be), install,
point it at the
target system, and you have opportunistic encryption.

>Anytime I have recommended using STARTTLS to my sysadmin
friends, they have
>always worried about breaking stuff and complained about
needed expensive
>certs.

Why do you need expensive certs?  It's opportunistic
encryption, you generate
a self-signed cert on install and you're done.

Peter.

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

On Thu, Jun 01, 2006 at 01:47:06PM +1200, Peter Gutmann
wrote:
> Grab OpenVPN (which is what OpenSWAN should be),
install, point it at the
> target system, and you have opportunistic encryption.

Forgive my doltishness, but could you expand on that just a
bit, please (or
point at the right place in the docs)? I've used openvpn to
set up dedicated
tunnels, but it isn't immediately obvious to me how it
would be configured to
do opportunistic encryption.

-- 
Kent Crispin 
kenticann.org    p: +1 310 823 9358  f: +1 310 823 8649
kentsongbird.com SIP: 81202fwd.pulver.com


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

kent crispin <kentsongbird.com> writes:
>On Thu, Jun 01, 2006 at 01:47:06PM +1200, Peter Gutmann
wrote:
>>Grab OpenVPN (which is what OpenSWAN should be),
install, point it at the
>>target system, and you have opportunistic
encryption.
>
>Forgive my doltishness, but could you expand on that
just a bit, please (or
>point at the right place in the docs)? I've used
openvpn to set up dedicated
>tunnels, but it isn't immediately obvious to me how it
would be configured to
>do opportunistic encryption.

OK, it looks like there are several different views of what
opportunistic
encryption actually is.  My definition was "I'd like
to talk to X, with
encryption if available", which is what the
STARTTLS/STLS/AUTH TLS upgrade
mechanisms do for POP/IMAP/SMTP/FTP.  In that sense no
tunnel mechanism (at
least that I know of) can really do that, you'd need
something like a STARTTLS
mechanism for L2TP (the non-opportunistic way of doing this
is to run L2TP
over IPsec).  I don't know why anyone'd want to implement
that, since it's
easier to just drop in your VPN app or device of choice.

The opportunistic encryption that OpenVPN gives you is
manual rather than
automatic, since there's no way to upgrade "any
protocol at all" to "any
protocol at all, but with encryption".  The reason
it's opportunistic is
because it allows you to use the equivalent of
unauthenticated DH (self-
signed/arbitrary-CA certificates) rather than putting you
through the torture
test of obtaining and configuring a cert from a recognised
CA (that's non-
opportunistic, and because it's so difficult, frequently
just non-encryption).

Peter.

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com