Slashdot Mirror
Opportunistic Encryption of IP traffic: FreeS/WAN 2.0
Russ Nelson writes "Since 1996, John Gilmore has
dreamed of an Internet where all traffic between cooperating sites is
encrypted. He has supported the FreeS/WAN project which uses IPSEC to encrypt IP traffic on
an opportunistic encrypting basis. The team has released Linux
FreeS/WAN 2.00, their first release optimized for Opportunistic
Encryption (OE). After installation, ZERO host configuration is
required for OE! A Linux box running 2.00 will encrypt all IP packets
to other OE capable boxes whenever possible, provided you publish a
key and IPsec gateway information in DNS." Nice.
A chain is as strong as its weakest link.
This applies to cryptography as well.
In the Oppertunistic Encryption scenario, DNS is probably the weakest link. Spoof KEY records and you can launch a man-in-the-middle attack.
I was wondering... would this have application for wireless, either between a workgroup bridge (like the Ciso one) or a single pci/pcmcia card and an AP or mesh of APs? Seems like it could be better than WEP, especially if it was just as easy to implement on a small scale non-DNS based solution (hosts file, ssid, hard coded ip range, etc.)
Don't blame me, I voted for Kodos
I think this idea of a "meta-SSL" is a really good one--not only can we encrypt the data stream, but also the headers. Of course, we'd still need to deal with session keys and the problem of "known response" attacks, but assuming we can fix that, this looks really promising.
(And of course, it would be best if we could implment this on the hardware of the routers themselves, rather than rely on the OS...*cough* M$ *cough*).
Q: "Why do sound techs say 'check 1, 2'?"
A: "Cause if they could count any higher they'd be lighting techs."
Anyway, this will never work - there's too many clueless administrators out there who will think it's just someone attacking their core routers or overloading their DNS server, or something else equally inane, and they won't bother to check what the port really is.
But of course it's nice to see this getting more exposure. The problem with IPSEC has always been the hassle of setting it up. Having encryption kick in "automagically", is a good thing to have.
Wonder if I could just tell my email server to only accept encrypted connections from trusted sources to stop spam. This would definately work for seperate corporate mailservers that need to connect to eachother across the internet eliminating the need to maintain them on a private network.
I mean, you install this thing, and you'll have some random connections be encrypted. But it would still be foolish to 'trust' any regular internet connections. This type of technology might give people a false sense of security.
I realize the point is just to get more encrypted data out on the net, but this just seems pointless to me.
autopr0n is like, down and stuff.
Tell those ISPs to go fsck themselves.
IPSec traffic OFTEN looks like "hack" attacks - weird, short packets, protocol 50 and (sometimes 51), streams of UDP 500, etc. Because it's all binary, its more likely to trigger the "shellcode" sort of alerts. An IDS will see the binary stream "F00F" in your payloads and assume you're doing a DoS attack or something. Trust me, I know - I helped build the first version of Guardent'sIDS solution.
I want to delete my account but Slashdot doesn't allow it.
I really love the idea of opportunistic encryption, and I used to think that I'd like to see it added to email. Once people have exhcnaged mail with each other, all further traffic would be encrypted. This could be done in the clients, and wouldn't require any changes to the email infrastructure at all.
I know that there are lots of problems with it, mostly related to key management. It wouldn't be perfect security, it might not even be good security. But it's a lot better than plaintext.
What you'd want would be a way to take control of the keys when you thought it was necessary, an opportunistic system that would get the best key that it could find, but which would allow you to override whatever the opportunistic system would do on its own.
The problem I have with this now is that I'm not sure I oppose government surveillance any more. It's a horrible thing to say for someone who spent the early nineties lurking on cypherpunks. I think that they've been able to clamp down on terrorism pretty effectively, and I don't see much evidence that the power has been misused.
I'm getting old, and turning into one of those people I had contempt for -- a guy who is willing to trade freedom for security, and who deserves neither.
But I do think that from a technlogical standpoint, opportunistic encryption is the way to go. It's a great, clean, simple idea.
The most successful use of crypto for the general public is SSL on the web. It works because it's transparent, no one has to think about it. That's why opportunistic encryption rocks.
Perhaps -- and this is a real stretch -- what we really want is a whole new email system, one that's designed to be robust in the face of things like spam, and that includes things like encryption, etc. Dual protocol clients could "opportunistically" move communications from the old system to the new one totally transparently. After a few years, we could all turn off the old email protocol.
Opportunism is a great way to look at upgrading protocols.
I understand your points, and I really felt the same way before 9/11. And it's a hard thing to talk about, because the government seems to keep a lot of information from us.
But I wonder: why don't we see more terrorism here than we do? Why do other countries, who are far less involved in the rest of the world, see so much more? It's especially puzzling when you think about how open our society is -- it's easy to move around, to do whatever it is that you want to do.
Part of it, I think, is that people know that we will respond with overwhelming force. That's what happened to Afghanistan.
But part of it, I think, is the surveillance. I think it's a big part of it.
On the flip side, I don't see much of that information, the stuff they get by doing surveillance, showing up in everyday life. I know people who use drugs, who do unusual things sexually, who send emails back and forth criticizing the government and the president, etc. And nothing bad ever happens to them. Whoever is listening, if anyone is listening, isn't acting on that sort of stuff.
It seems to me that we have, as a practical matter, the freedom to do just about whatever we want. I say this because I know people who do all sorts of stuff, things that society disapproves of, even things that are illegal. And the system, such as it is, tolerates this.
The fear of surveillance is that it will produce a police state. I just don't see that we're living in a police state. I went to berlin and a couple of eastern bloc countries before the iron curtain came down, and this isn't like that. You can do what you want here.
On a practical level, I don't think there's any question that what we're giving up is more than paid for by what we get by the surveillance. The problems that I see with it are either (a) philosophical, or (b) fears about what might happen in the future, when the people running the system will probably be less scrupulous than they are now. The last thing, in particular, is a real problem for me.
It is really extraordinary, though, that the US can be as hated around the world as it is, that we can be as open as we are, even going so far as to have lots of the people who hate us living here, and that things are nonetheless quite safe.
My feeling is that we have to acknowledge that, on a certain level, before we start agitating. I'm not suggesting that things couldn't be better than they are -- just that before we talk about changing things, it makes sense to acknowledge the good things in the status quo, so as to make sure we don't inadvertently toss that stuff out when we make changes.
So, other than windows 2000's native IPsec support, is there another (legally) free-as-in-beer IPsec client for commercial windows users?
The only one I've seen was the one that came from PGPnet or Desktop or something - and it was only free for non-commercial users.
I know some commercial vendors' vpn clients do support standard IPsec connections (Nortel, Cisco, etc), but AFAIK it's not legal to use them if you haven't bought the company's products...
Some time ago a mailing list on a controversial subject was running on my home machine. One of the rules was that no criminal activity could be discussed or facilitated via postings to the list.
As a matter of policy, while that list was running all traffic both on the list and to and from the machine was UNencrypted.
The reasoning:
- Someone unhappy with the subject matter of the list, with being kicked off it for misbehavior, or just mad at the list operators for unrelated reasons, might file a tip with a police agency claiming illegal activity.
- Due to the list's subject matter, the tip might be considered credible.
- If the traffic to the site was UNencrypted, they could obtain a wiretap warrant and examine it offsite (and would prefer to do it this way).
- If any of the traffic to the site was encrypted, they would have to sieze and examine the machine to satisfy their investigation, causing considerable disruption. (And they might also take encrypted traffic as a confirmation of the tip.)
The list administrator says it well: Leave it unencrypted and they get to bore themselves to tears.
The list was retired (and a successor started at another site) before I needed to do encrypted traffic between home and work.
That was quite some time back, and encrypted traffic was uncommon then except for security agencies, a very few businesses, a few experimenters, and a few crooks. At this point encryption is far more common - what with VPN, SSH, and IPSec. And with ready-for-primetime FreeSWAN it will become still more comomn.
But the core of the original risk is still there: If you're using world-class encryption, and the government gets a bee in its bonnet about you doing something undesirable, they'll need to physically search your machine for evidence or keys, or plant an onsite bug such as a keyboard monitor, to find out what you're up to. (Or they'll find it less expensive to do it that way than try to crack your encryption from outside.)
Fortunately, a sudden widespread deployment of encryption can get us "over the hump" - going past the point where it is rare enough that security agencies can target people who use it, to the point where wiretapping is pointless and searches on only suspicion-plus-encryption are too expensive.
That would create an economic incentive to avoid fishing expeditions and mostly search only on credible evidence of wrongdoing (plus an occasional governmental rape of a political enemy or other terrorist action against an outgroup or annoyance-to-cops).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
The debate about whether to do crypto at Layer 1, 2, 3, 4, or 7 has been going on for over a decade and a half. (Some people argue that crypto in the SSL/SSH sense is really layer 5 or 6, one of those OSI Session or Presentation Layer things that the TCP world doesn't worry too much about, but alternatively you can call it Layer 4 :-) Physical and Link-Layer crypto are fine for private networks - WEP is basically a Layer 2 crypto system which would be a good thing if it weren't badly thought out and badly implemented, and the NSA has been using Layer 2ish crypto on X.25 networks since the 80s, back when X.25 was the way you did international data networks. IPSEC has the advantage that it protects _all_ the communications between your machine and another machine, which can be really effective if that matches your communication patterns, and it means that the applications inside don't need to be modified to use crypto as long as they run over vanilla IP. Layer 4 cryptosystems like SSL and SSH are much more trouble - applications need to know about them, and they don't protect the machine against protocols that don't use them, but the operating system doesn't need to know, and intermediate routers and such don't need to know about it, so it can be more convenient to implement for applications that can use it. Layer 7 - things like PGP-or-S/MIME-encrypted email or encrypted file systems - is obviously much more customized, protects even fewer things, but sometimes it's the right way to go also.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
However, there are some cable modem companies that really object to anything VPN-like. It's nothing technical, just pure greed. They assume that if you're using IPSEC, it's a VPN for work, and they have a higher price for "business ISP service" than for "residential". There are even a few DSL companies this rude and clueless. Most Cable modem companies and some DSL companies also object to running anything server-like on their networks, because they're worried about overloading their asymmetrically small upstreams, and because they've got a leftover habit of paranoia about bad performance due to early equipment problems, all those PacBell "WebHog" TV commercials, worries about bad PR from neighborhood porn web servers hogging the cable, etc.
While most cable modem companies are still desparately clue-deficient, they've at least mostly figured out that one reason people are buying broadband in the first place is to be able to work from home, and that means that customers _are_ going to use IPSEC and not just fetch HTTP and POP3, and now that telco DSL service is widespread, they're a little more responsive to competitive pressure.
Some telco DSL providers are apparently clueless about this also, but relatively few.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks