Slashdot Mirror


Opportunistic Encryption of IP traffic: FreeS/WAN 2.0

Russ Nelson writes "Since 1996, John Gilmore has dreamed of an Internet where all traffic between cooperating sites is encrypted. He has supported the FreeS/WAN project which uses IPSEC to encrypt IP traffic on an opportunistic encrypting basis. The team has released Linux FreeS/WAN 2.00, their first release optimized for Opportunistic Encryption (OE). After installation, ZERO host configuration is required for OE! A Linux box running 2.00 will encrypt all IP packets to other OE capable boxes whenever possible, provided you publish a key and IPsec gateway information in DNS." Nice.

2 of 153 comments

  1. A good first step. by Meat+Blaster · Score: 3, Funny
    FreeS/WAN is definitely on the cutting edge of things, and anything they can do to reduce the complexity of cryptography makes it more likely that a larger audience can realize the benefits of encryption. I applaud this for security reasons, because the less information floating around out the more secure we all are.

    However, this is not yet a complete solution for the average user. For one thing, it's Linux only, which puts it out of reach of the majority. Secondly, and this I absolutely cannot believe, they've killed off Trinity in their Matrix sequel. But most importantly, you've got to have access to DNS to make it properly work!? Why can't a new ICMP handshake be used to exchange keys between a new connection (and queue them) so that this doesn't have to rely on a third-party?

    So, while this is a good first step, I think there are greater things that will yet be accomplished.

  2. Re:Weakest link by gadwale · Score: 2, Funny

    D U H!

    Now they will be expecting carrier pigeons!

    Adi Gadwale.