Differences between current version and previous revision of OpportunisticEncryption.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 5 | Last edited on Saturday, February 28, 2009 4:00:51 pm | by LawrenceDoliveiro | |
| Older page: | version 4 | Last edited on Saturday, February 28, 2009 3:49:44 pm | by LawrenceDoliveiro | Revert |
@@ -10,6 +10,9 @@
See the very readable [IETF draft for the Opportunistic Encryption specification|http://www.sandelman.ottawa.on.ca/SSW/freeswan/oeid/draft-richardson-ipsec-opportunistic.html].
Note that OE does ''not'' guard against ManInTheMiddle attacks, unless the keys can be independently authenticated, for example by [DNSSEC].
+
+So what is the point of it? It is resistant to passive snooping, for example by spy agencies, other Government organizations, and Bad Guys in general. To defeat the encryption, they would have to actively intercept your connection attempts and substitute their own keys. This might be considered too much work for somebody who is not specifically targeting you, but just generally snooping on Internet traffic, hoping to find something interesting. Is this a realistic threat to guard against? Only you can decide.
+
----
CategoryCryptography
