[Freedombox-discuss] BTNS on Freedombox

Jonas Smedegaard dr at jones.dk
Wed Jun 12 23:28:18 UTC 2013


Quoting Eugen Leitl (2013-06-12 20:47:07)
> On Wed, Jun 12, 2013 at 07:48:30PM +0200, Jonas Smedegaard wrote:
> > Quoting Eugen Leitl (2013-06-12 17:46:54)
> > > Do you see why IPv4/IPv6 BTNS wouldn't be a good out-of-the box 
> > > feature for the Freedombox?
> > 
> > Uhm, could you please elaborate a bit on that?
> > 
> > "Bitch That Need Slappin'" and "Toolbar Control and Button Styles" 
> > are some of the options coming up when I try to figure out the meaning 
> > of that acronym.
> 
> Oh, right. I always thought that acronym was rather unfortunate.
> 
> It's Better Than Nothing Security, http://tools.ietf.org/html/rfc5386 
> an opportunistic encryption IPsec mode that omits authentication, and 
> hence the whole PKI/DNS key publishing overhead.
> 
> The result is resistant to passive taps, but not active (MITM) traffic 
> tampering on the wire (which is great, since the latter is expensive, and 
> forces you to show your hand, and hence is detectable in principle, 
> which ups the stakes in the game).
> 
> There are already some implementations, albeit labeled experimental. 
> It could be a low-work way to make a lot of traffic go dark, and annoy 
> some professionals.

Thanks for clarifying.

Sounds cool, but also sounds like something that needs maturing.

FreedomBox is a server engineered by us geeks to be owned fully by 
non-geeks, and therefore have *no* system administrator.  That means 
there is even less room for failure than the servers we run ourselves.

I strongly believe that any and all pieces that we put into FreedomBox 
should already be in common use among geeks.  Eat our own dog food, so 
to speak.  To me that means we can *only* include in FreedomBox what is 
in Debian.

So the way forward for this is to get it into Debian.

If it is patches to kernel drivers then work with Linux upstream to get 
the code into the mainline branch, as it is highly unlikely that the Debian 
kernel team will be convinced to take the burden of maintaining it on 
their own.

If it is patches to ipsec or another independent tool then file 
bug reports against the relevant package if/when mature enough for 
production use.


Parallel to that, it might make sense already now to jot it onto one of 
the wiki pages for FreedomBox, for tracking its progress.  But beware 
that FreedomBox wiki pages are *not* progress, only monitoring - they always 
need action elsewhere to be of use.


Hope that helps,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private