Re: [Fwd: I-D Action: draft-carpenter-prismatic-reflections-00.txt]

2013-09-21 20:47:52
On Sat, 21 Sep 2013, Stephen Farrell wrote:

On 09/21/2013 02:42 PM, Roger Jørgensen wrote:
On Fri, Sep 20, 2013 at 6:54 AM, Brian E Carpenter
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
I got my arm slightly twisted to produce the attached: a simple
concatenation of some of the actionable suggestions made in the
discussion of PRISM and Bruce Schneier's call for action.

There is one thing I don't see mentioned in your draft: the discussion
that moved from ietf@ and over into lisp@ about encryption by default
wherever it's possible. It's one concrete action this
NSA/Snowden/Bruce thing has started.

FWIW, I'm also maintaining a list of concrete proposals and
relevant I-Ds that I've seen. [1] I've not noticed an I-D on
the LISP idea though but let me know if there's one I missed.

It's a draft from 1998:

http://tools.ietf.org/html/draft-ietf-ipsec-internet-key-00

I'm considering implementing something like that for the next version of
libreswan. But if we resurrect this draft, it needs work to get modernized
or be started as a complete rewrite from scratch. For example, we'd have
to ensure that these connections remain sandboxed to the machine, and
that any IP assignments are not leaking outside the machine (in the
light of NAT-based inner IPs, etc.).

Paul
