[Openswan dev] Opportunistic Encryption thought over - x509 certificates vs DNS TXT records

[Henrik Nordstrom]

On Mon, 19 Apr 2004, Marcus Blomenkamp wrote:

> Having a secure tunnel to a trusted dns server authoritative for my
> local zone is crucial for trustable intra-zone OE'd traffic in my
> opinion.

Which boils down to what OE is.

OE is building trust from the trust already established by DNSSEC to
leverage from this trust to increase the security and integrity of
general Internet communications.

X509 builds trust from CA signing and mutual agreement on which CAs are 
trustworthy, and is mostly suited for static trusts. In context of IPSec 
having your own CA is basically a requirement.

The two models both have their merits and weaknesses, and is suitable for 
different tasks. Also, one does not exclude the other.

The goal of OE is to provide what X509 can't, namely the ability to 
reasonably encrypt communication without a prior arrangement in a manner 
which can be claimed to scale in the long term.

> So an active attacker can replace any part of your infrastructure 
> transparently. Please keep in mind that my primar concern is not anonymous 
> traffic between anonymous machines on my network but trustable traffic 
> between machines i own.

Then X509 with your own CA or even RSA is better suited for you than OE as
you clearly can accept to have a prior arrangement between your hosts and 
in addition may run in an environment where DNS can not be trusted.

> Then I'd say OE in its current form does not even walk uprightly ;)

It only walks where DNSSEC walks.

If no DNSSEC then OE trips over badly as there is no chain of trust
established, and then only provides protection from passive snooping.

See doc/opportunism.known-issues for a more in-depth list of known issues 
with OE.

Regards
Henrik