[26997] in cryptography@c2.net mail archive
Re: Status of opportunistic encryption
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Jun 1 10:11:54 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: auto37159@hushmail.com, cryptography@metzdowd.com
In-Reply-To: <20060530142758.6743BDA838@mailserver7.hushmail.com>
Date: Thu, 01 Jun 2006 13:47:06 +1200
<auto37159@hushmail.com> writes:
>I am also interested in Opportunistic Encryption. Even if it is not as
>secure as a manually configured VPN, I am willing to trade that for what it
>does provide. I have looked at setting up OpenSWAN in OE mode, but frankly
>it is daunting even for the reasonably geeky and far beyond any kind of mass
>implementation.
Grab OpenVPN (which is what OpenSWAN should be), install, point it at the
target system, and you have opportunistic encryption.
>Anytime I have recommended using STARTTLS to my sysadmin friends, they have
>always worried about breaking stuff and complained about needed expensive
>certs.
Why do you need expensive certs? It's opportunistic encryption, you generate
a self-signed cert on install and you're done.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
