> On the contrary: it _will_ make it impossible for people to know what
> _we_ are doing. This is not one system I'm talking about: it's
> countless independent VPNs. No one person in the world will ever know
> what _we_ are doing.
'countless independent VPNs' + 'a one-time pre-shared key' = big trouble

My advice - Torproject.org

Currently the best math/crypto based solution to provide private service hosting and anonymous browsing. Open source, peer reviewed, thoroughly abused by smart people and so on. Tor also solves the very real metadata problem this paper does not even address.

Any code that makes it into the kernel introduces complexity that must offset its long-term cost with usefulness. I don't think this repackaged port knocking mess passes that test.

J

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Giancarlo Razzolini
Sent: Monday, October 20, 2014 7:34 AM
To: Ian Grant
Cc: Bret Lambert; OpenBSD general usage list
Subject: Re: Shadow TCP stacks

On 19-10-2014 21:01, Ian Grant wrote:
> On the contrary: it _will_ make it impossible for people to know what
> _we_ are doing. This is not one system I'm talking about: it's
> countless independent VPNs. No one person in the world will ever know
> what _we_ are doing.

Except perhaps for the nations with mass surveillance capabilities.

> It's not security by obscurity, it's a one-time pre-shared key.

Well, the need for a PSK doesn't change the fact that you're trying to conceal something, but that doesn't make it inherently more secure.

> You think someone can analyse all the HTTP traffic in a country? So
> what if they could? By the time they've analysed the dumps the service
> won't be on that host anymore.

In what world do you live? Didn't you follow the news regarding the Edward Snowden disclosures? Not only is it possible to analyze all HTTP traffic in any given country, but it's also possible to analyze ALL traffic in any given country. This is exactly what the NSA is doing, and perhaps others also. Hell, even some companies such as Akamai and others can see a great chunk of the internet traffic.

> The issue I am addressing is not privacy. You would know that if you
> had read the Foundation paper:
>
> http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html

Yes, you're not addressing *just* privacy. But your original post e-mail subject of "shadow TCP stacks" is misleading.

> Well, "they" don't have a choice, because OpenBSD is open source, or
> haven't you heard?

Even if you did manage to create a nice patch, bug free, with great security and all, I don't ever see this getting into the OpenBSD source tree. And, as Henning, an OpenBSD developer, put it in a reply to you, you don't get to decide what they put into their source code tree.

As I said before, focus on the proper development of good and strong cryptography, and you'll surely see your contributions get into OpenBSD, provided they are in the project's interest, of course.

Cheers