>>> > When we communicate with strangers, we can use the following >>> > handshaking protocol. >>> >>> So here, you only accomplish confidentiality toa stranger. But you >>> have no idea which stranger. > >> This is to achieve end-to-end encryption without CA. >> >> Prove a specific identity with a specific IPv6 address. > > You miss the point. Talking with confidentiality to an IP address means > nothing. > Using null-authentication with any protocol accomplishes the same. You > left out how binding that IP address to a psuedo identity would work. > > If I talk with confidentiality with 2600::c900:9106:adca:dc36 then who > am I talking to? You ? Your server? Your phone? The NSA? > > Besides that, anyone who controls some of the BGP tables or routing > can be an instance of 2600::c900:9106:adca:dc36 passing identification > of your crypto scheme. So I don't even know if I am talking to the "real" > 2600::c900:9106:adca:dc36. And if you meant the IPv6 as a "shared > secret" then we have better methods like PAKE to go from a weak shared > secret we exchange at a party, to a strong secret we can use to > authenticate a private channel. > > In other words, your proposal is the equivalent to any kind of > DiffieHellman key exchange. Now you have confidentiality, you need > to authenticate the other party.
As readers may be aware, Tor has an interesting capability via OnionCat and OnionVPN to join its 80-bits of v2 onion addressing with the IPv6/48 bits provided by the latter tools to yield a self authenticating 128-bit host and internet stack compatible private space. This brings IPv6 (UDP, ICMP, all its applications, etc) to the Tor overlay. Tor breaks that with its v3 onions which are much wider. As does I2P. And of course CJDNS isn't exctly interop friendly. There's an open project for anyone who wants it... To bring IPv6 over v3 onions to Tor. The results of which... that being how to provision roughly approaching 128-bits of stack compatible reasonably E2E self or otherwise authenticated space out from any wider space... would be useful to many of the existing and future overlay networks out there, to bring instant compatibilty of those nets with all of users IPv6 apps. Could be anything from a DHT first seen, to an in network blockchain registry, to an entirely new modular AF_WIDE compilation library option which could pluggably open up a lot of overlay networks to general application usage. See tor-talk list archives and I2P dev for more talk on the potential project. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
