Re: [perpass] Of potential interest: MinimaLT

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 27 November 2013 11:11 UTC

From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Brian Trammell <trammell@tik.ee.ethz.ch>
Cc: 'perpass' <perpass@ietf.org>
Date: Wed, 27 Nov 2013 12:07:37 +0100
Message-ID: <20131127110737.GA2608@nic.fr>
In-Reply-To: <528DF1DD.7010904@tik.ee.ethz.ch>

On Thu, Nov 21, 2013 at 12:43:25PM +0100,
 Brian Trammell <trammell@tik.ee.ethz.ch> wrote 
 a message of 16 lines which said:

> MinimaLT, YA transport layer replacement with a focus on maximizing
> confidentiality, was presented at CCS last week in Berlin;

Executive summary: each time two machines want to talk, an encrypted
tunnel is automatically set up and used afterwards.

The encryption setup cost is therefore paid for all the connections
(until the teardown). So, some state will be necessary.

The biggest problem is that the authentication (apparently in one
direction only) is done only by X.509 (so it inherits all of the
problems of X.509), with certificates fetched via the DNS.

The API for applications is unclear. (It seems to have been done mostly
for a new OS, without an installed base.)

(A more detailed analysis, in French:
<http://www.bortzmeyer.org/minimalt.html>)