Opportunistic encryption

Opportunistic Encryption (OE) allows for "encryption for secure communication without any pre-arrangement specific to the pair of systems involved." In general terms: "I'd like to talk to Bob, with encryption if available".


This provides a level of security which is sometimes described as "Better Than Nothing Security"[1][2] or ANONSEC. It does not provide a strong level of security, as authentication may be difficult to establish and secure communications are not forced. It does, however, make the encryption of most Internet traffic easy to implement; the difficulty of doing so has been a significant impediment to the mass adoption of Internet traffic security.


Routers

The FreeS/WAN project was one of the early proponents of OE. Openswan has also been ported to the OpenWrt project and runs on Linksys WRT54G (and family) routers[3]. Openswan uses DNS records to facilitate the key exchange between the systems.[4]


It is possible to use OpenVPN and networking protocols to set up dynamic VPN links which act similarly to OE for specific domains.


Linux

FreeS/WAN and its forks offer VPNs which can also operate in OE mode using IPsec-based technology.


Windows OS

Windows platforms have an implementation of OE installed by default. This method uses IPsec to secure the traffic and is simple to turn on: open the MMC, go to "IP Security Policies on Local Computer", and edit the properties to assign the "(Request Security)" policy. This turns on optional IPsec in a Kerberos environment.


To use Windows OE in a non-Kerberos environment, you need to install a certificate from a Certificate Authority (CA) which is common to any system with which you communicate securely, Thawte Freemail for example.


Many systems also have problems when either side is behind a NAT. NAT Traversal (NAT-T) addresses this problem; it is enabled by adding the following DWORD to the registry with a value of 2 and rebooting: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec\AssumeUDPEncapsulationContextOnSendRule. Using the filtering options provided in MMC, it is possible to tailor the networking to require, request or permit traffic to various domains and protocols to use encryption.


E-mail

Opportunistic Encryption can also be used for specific traffic like e-mail using the STARTTLS Internet Message Access Protocol extension. With this implementation, it is not necessary to obtain a certificate from a certificate authority, as a self-signed certificate can be used.

Many systems employ a variant with third-party add-ons to traditional e-mail packages: they first attempt to obtain an encryption key and, if unsuccessful, send the e-mail in the clear. PGP, Hushmail, and Ciphire, among others, can all be set up to work in this mode.
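The "encrypt if available, otherwise send in the clear" behaviour described in this section, written out for an IMAP client as an added example (it is not code from the original article or from any mail package). The policy names `opportunistic` and `require`, the function names and the sample server lines are assumptions made for illustration.

```python
import re
import ssl
from dataclasses import dataclass

@dataclass(frozen=True)
class Decision:
    action: str   # "starttls", "cleartext" or "abort"
    reason: str

def parse_capabilities(line: str) -> set:
    """Return capability atoms from '* CAPABILITY ...' or '[CAPABILITY ...]'."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or \
        re.match(r"\* CAPABILITY (.*)", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def decide(line: str, policy: str) -> Decision:
    """policy: 'opportunistic' (encrypt if offered) or 'require' (no fallback)."""
    caps = parse_capabilities(line)
    if "STARTTLS" in caps:
        return Decision("starttls", "server offers STARTTLS")
    if policy == "require":
        return Decision("abort", "STARTTLS not offered and policy forbids cleartext")
    if "LOGINDISABLED" in caps:
        return Decision("abort", "server refuses cleartext LOGIN")
    # This branch is what "secure communications are not forced" means:
    # the session continues unencrypted, so it should at least be logged.
    return Decision("cleartext", "STARTTLS not offered; falling back unencrypted")

def tls_context(policy: str) -> ssl.SSLContext:
    """TLS settings to use once the decision is 'starttls'."""
    ctx = ssl.create_default_context()
    if policy == "opportunistic":
        # Accept self-signed certificates: this protects against passive
        # eavesdropping only, because the peer is not authenticated.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

# Constructed sample server lines (not captured from a real server).
OFFERED = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
MISSING = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"

if __name__ == "__main__":
    for line in (OFFERED, MISSING):
        for policy in ("opportunistic", "require"):
            print(f"{policy:13} | {line} -> {decide(line, policy)}")
```

Recording every `cleartext` decision gives an operator a way to notice a peer that used to offer STARTTLS and no longer does.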


VoIP

Some VoIP solutions provide for painless encryption of voice traffic when possible. The Sipura and Linksys lines of Analog Telephony Adapters (ATA) include a hardware implementation of SRTP with the installation of a certificate from Voxilla, a VoIP information site. When a call is placed, an attempt is made to use SRTP; if it succeeds, a series of tones is played into the handset, and if not, the call proceeds without encryption. Skype and Amicima use only secure connections, and the Gizmo Project attempts a secure connection between its clients. Phil Zimmermann, Alan Johnston, and Jon Callas have proposed a new VoIP encryption protocol called ZRTP. They have an implementation of it called Zfone, whose source and compiled binaries are available.


The Wikipedia article included on this page is licensed under the GFDL.