gurtov at cs.helsinki.fi
Mon Oct 23 11:39:09 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Watson Ladd wrote:
> What *exactly* are we talking about using HIP for? Node-to-node
> connections, or the connections the client makes to tunnel traffic?
I would say, both.
> For the first one we have TLS.
Various arguments can be made on HIP vs. TLS discussion. Some people
prefer end-to-end IPsec rather than TLS.
> For the second one, HIP solves the wrong
> problem. We want to authenticate nodes to users, not each to the other.
It is possible to use "anonymous identities" from node side that are not
publicly announced and/or frequently regenerated. There has been
significant work on HIP privacy extensions.
> While HIP is more efficient then TLS, we could use SSH for the
> connections to gain on efficiency.(Talking about the first problem).
> SSH is one of the most scrutinized protocols in existence, so it could
> be a good choice.
Might be so, though TLS/SSH does not support mobility and multihoming,
Denial-of-service protection, and so on. With HIP e.g. IPv6-only Tor
client in China could talk to IPv4 client in EU.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the tor-dev