On Mon, Oct 20, 2014 at 8:33 AM, Giancarlo Razzolini
<grazzol...@gmail.com> wrote:
> On 19-10-2014 21:01, Ian Grant wrote:
>
> On the contrary: it _will_ make it impossible for people to know what
> _we_ are doing. This is not one system I'm talking about: it's
> countless independent VPNs. No one person in the world will ever know
> what _we_ are doing.
>
> Except perhaps for the nations with mass surveillance capabilities.
>
> It's not security by obscurity, it's a one-time pre-shared key.
>
> Well, the need for a PSK doesn't change the fact that you're trying to
> conceal something, but not making it inherently more secure.

How else can one protect a system from DoS attacks, other than by
concealing it some way? And what is cryptography if it's not
concealing the meaning of a communication in some way?

> You think someone can analyse all the HTTP traffic in a country? So
> what if they could? By the time they've analysed the dumps the service
> won't be on that host anymore.
>
> In what world do you live? Didn't you follow the news regarding the Edward
> Snowden disclosures? Not only is it possible to analyze all HTTP traffic in
> any given country, but it's also possible to analyze ALL traffic in any
> given country. This is exactly what NSA is doing and perhaps others also.
> Hell, even some companies such as Akamai and others can see a great
> chunk of the internet traffic.

Sure they can see it, but that's not going to tell them where it went
next. So they can analyse all the traffic and what they learn from
that won't be worth knowing half an hour later. I live in Bolivia, and
I want to implement something like this here, so that the Bolivian
government can have secure communications within Bolivia, and across
her borders.

> The issue I am addressing is not privacy. You would know that if you
> had read the Foundation paper:
>
>     http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html
>
> Yes, you're not addressing just privacy. But your original post e-mail
> subject of "shadow TCP stacks" is misleading.
>
> Well, "they" don't have a choice, because OpenBSD is open source, or
> haven't you heard?
>
> Even if you did manage to create a nice patch, bug free, with great security
> and all, I don't ever see this getting into the OpenBSD source tree. And, as
> Henning, an OpenBSD developer, put in a reply to you, you don't get to
> decide what they put into their source code tree. As I said before, focus on
> the proper development of good and strong cryptography, and you'll surely see
> your contributions get into OpenBSD, provided they are in the project's
> interest, of course.

I can make and maintain any modifications to OpenBSD that I please.

Ian
