Slashdot: John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Mon Sep 9 11:55:00 UTC 2013
D. Hugh Redelmeier wrote:
> FreeS/WAN Opportunistic Encryption used the IP address as identity and
> authenticated using public keys distributed through the Reverse DNS
> system. (NAT wasn't common when this was designed.) We assumed that
> people would get to populate their reverses. Remember, the internet
> was a network of peers.
Given that IPSec was originally designed for IPv6, NAT wasn't even expected.
> The OE code is broken in current releases.
For some reason, whenever you write "OE", I read Outlook Express". ;-)
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list