[16148] in cryptography@c2.net mail archive
Re: potential new IETF WG on anonymous IPSec
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Sep 13 13:35:37 2004
X-Original-To: cryptography@metzdowd.com
To: "Zooko O'Whielcronx" <zooko@zooko.com>
Cc: cryptography@metzdowd.com,
From: Sam Hartman <hartmans@mit.edu>
Date: Sun, 12 Sep 2004 14:45:12 -0400
In-Reply-To: <C7C59F09-0341-11D9-BE07-000A95E2A184@zooko.com> (Zooko
O'Whielcronx's message of "10 Sep 2004 12:55:04 -0300")
>>>>> "Zooko" == Zooko O'Whielcronx <zooko@zooko.com> writes:
Zooko> On 2004, Sep 09, , at 16:57, Hal Finney wrote:
>> To clarify, this is not really "anonymous" in the usual sense.
>> Rather it is a proposal for an extension to IPsec to allow for
>> unauthenticated connections. Presently IPsec relies on either
>> pre-shared secrets or a trusted third party CA to authenticate
>> the connection. The new proposal would let connections go
>> forward using a straight Diffie-Hellman type exchange without
>> authentication.
Zooko> ...
>> I don't think "anonymous" is the right word for this, and I
>> hope the IETF comes up with a better one as they go forward.
Zooko> I believe that in the context of e-mail [1, 2, 3, 4] and
Zooko> FreeSWAN this is called "opportunistic encryption".
No. Opportunistic encryption means I have retrieved a key or cert for
the other party, but do not know whether it is actually the right
cert. This is slightly different although at the level of current
discussion it has the same security properties.
--Sam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com