[Top] [All Lists]

RFC: p&p ipsec without authentication

To: netdev@xxxxxxxxxxx
Subject: RFC: p&p ipsec without authentication
From: Rik van Riel <riel@xxxxxxxxxxxxxxxx>
Date: Sun, 15 Dec 2002 18:34:06 -0200 (BRST)
Cc: linux-kernel@xxxxxxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx

I've got a crazy idea.  I know it's not secure, but I think it'll
add some security against certain attacks, while being non-effective
against some others.

The idea I have is letting the ipsec layer do opportunistic encryption
even when there are no ipsec keys known for the destination address,
ie. negotiate a key when none is in the configuration or DNS.

I know this gives absolutely no protection against man-in-the-middle
attacks (except maybe being able to detect them), but it should prevent
passive sniffing of network traffic, as done by some governments.

If this "random" encryption could be turned on with one argument to
ip or ifconfig and millions of hosts would use it, sniffing internet
traffic might just become impractical (or too expensive) for large
organisations.   Furthermore, even if just 0.1% of the hosts were to
use ipsec authentication, the 3-letter agencies would be faced with
the additional challenge of identifying which connections could safely
be intercepted with man-in-the-middle attacks and which couldn't.

Not to mention the fact that the port number on many communications
would be invisible, vastly increasing the difficulty of doing any
kind of statistical analysis on the traffic that's traversing the

Is this idea completely crazy or only slightly ?


Bravely reimplemented by the knights who say "NIH".
Current spamtrap:  <a href=mailto:"october@xxxxxxxxxxx";>october@xxxxxxxxxxx</a>

<Prev in Thread] Current Thread [Next in Thread>