opportunistic encryption deployment problems
3 problems I see with the deployment of opportunistic encryption:

1) your method of obtaining information is by reverse DNS lookup,
which will provide problems with people who can't control their
reverse DNS bindings. As an example, I don't have control over the
subnet mapped to my house and cannot insert information into the
controlling DNS server (and cannot convince them to redirect to
me).

2) your method of obtaining information is by reverse DNS lookup,
which will provide problems with people behind NATs. Until IPv6 is
(if) widely deployed, this will continue to be a growing problem.
Sure, if you can convince your NAT provider to do encryption to and
from both sides of the NAT, you may be able to get around this but
it certainly would take an effort to get this done.

3) The more and more widespread use of things like web and other proxies
will provide problems similar to those seen in #2.

--
Wes Hardaker
NAI Labs
Network Associates
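
An added example, not part of the original message: a preflight check that computes the reverse-tree name a remote peer would query for a host and reports which of the three problems above apply. The function names, the `controls_reverse_zone` flag and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges a remote peer never sees as a packet source: RFC 1918, RFC 6598
# shared space, link-local, and the IPv6 unique-local/link-local blocks.
NON_GLOBAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def reverse_name(addr):
    """Name a peer would look up in the reverse tree for this address."""
    return ipaddress.ip_address(addr).reverse_pointer


def oe_blockers(local_addr, observed_addr, controls_reverse_zone):
    """Return (name the peer queries, list of deployment blockers).

    local_addr            address configured on the host
    observed_addr         source address the remote peer actually sees
    controls_reverse_zone whether the operator can publish under that name
    """
    local = ipaddress.ip_address(local_addr)
    observed = ipaddress.ip_address(observed_addr)
    queried = observed.reverse_pointer
    blockers = []
    if any(local in net for net in NON_GLOBAL if net.version == local.version):
        blockers.append("local address is not globally routable (NAT)")
    if local != observed:
        # NAT or proxy: the lookup lands on the middlebox's reverse name.
        blockers.append("peer queries %s, which names a middlebox, not %s"
                        % (queried, local.reverse_pointer))
    if not controls_reverse_zone:
        blockers.append("operator cannot publish under %s" % queried)
    return queried, blockers


if __name__ == "__main__":
    # Constructed cases using documentation and private address ranges.
    cases = [
        ("home host behind NAT", "192.168.1.20", "203.0.113.7", False),
        ("static host, own zone", "198.51.100.5", "198.51.100.5", True),
        ("host behind a proxy", "198.51.100.5", "198.51.100.80", True),
    ]
    for label, local, seen, owns in cases:
        name, problems = oe_blockers(local, seen, owns)
        print("%s -> %s: %s" % (label, name, problems or "no blockers"))
```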