[147083] in cryptography@c2.net mail archive
Re: [Cryptography] [cryptography] very little is missing for
daemon@ATHENA.MIT.EDU (Taral)
Fri Sep 13 11:46:09 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130912190406.GB3175@gmail.com>
From: Taral <taralx@gmail.com>
Date: Thu, 12 Sep 2013 17:44:59 -0700
To: Nico Williams <nico@cryptonector.com>
Cc: Eugen Leitl <eugen@leitl.org>,
Cryptography List <cryptography@metzdowd.com>,
Crypto discussion list <cryptography@randombit.net>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Thu, Sep 12, 2013 at 12:04 PM, Nico Williams <nico@cryptonector.com> wrote:
> Note: you don't just want BTNS, you also want RFC5660 -- "IPsec
> channels". You also want to define a channel binding for such channels
> (this is trivial).
I am not convinced. It's supposed to be *better than nothing*. Packets
that are encrypted between me and whatever gateway the endpoint elects
to use are strictly better than unencrypted packets, from a security
and privacy standpoint.
Insisting that "BTNS should not be used without X, Y, and Z" had
better come with a detailed explanation of why BTNS without X, Y, Z
makes me *less* secure than no BTNS at all.
--
Taral <taralx@gmail.com>
"Please let me know if there's any further trouble I can give you."
-- Unknown
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
