Opportunistic encryption (OE) refers to any system that, when connecting to another system, attempts to encrypt the communications channel and otherwise falls back to unencrypted communications. This method requires no pre-arrangement between the two systems.

Opportunistic encryption can be used to combat passive wiretapping. (An ''active'' wiretapper, on the other hand, can disrupt encryption negotiation to either force an unencrypted channel or perform a man-in-the-middle attack on the encrypted link.) It does not provide a strong level of security, as authentication may be difficult to establish and secure communications are not mandatory. Yet it does make the encryption of most Internet traffic easy to implement, which removes a significant impediment to the mass adoption of Internet traffic security.

Opportunistic encryption on the Internet is described in RFC 7435: "Opportunistic Security: Some Protection Most of the Time".

==Routers==
The FreeS/WAN project was one of the early proponents of OE. Openswan has also been ported to the OpenWrt project. Openswan uses DNS records to facilitate the key exchange between the systems.

It is possible to use OpenVPN and networking protocols to set up dynamic VPN links which act similarly to OE for specific domains.

Source: Wikipedia, the free encyclopedia.
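An added example, not part of the original article: a small Python model of the fallback rule described in the opening paragraphs, written from the monitoring side. The capability name `ENCRYPT`, the host names and the `OpportunisticClient` class are hypothetical, and remembering earlier encrypted sessions goes beyond the article; it is shown as one way to make a fallback to cleartext visible in logs.

```python
from dataclasses import dataclass, field

CLEARTEXT = "cleartext"
ENCRYPTED_UNAUTH = "encrypted-unauthenticated"


@dataclass
class OpportunisticClient:
    # Peers that completed an encrypted session earlier (assumption: kept locally).
    seen_encrypted: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def connect(self, peer, advertised):
        """Pick a protection level from the capabilities as the client received them."""
        if "ENCRYPT" in advertised:
            # No pre-arrangement exists, so the peer's identity is not verified.
            self.seen_encrypted.add(peer)
            return ENCRYPTED_UNAUTH
        # Opportunistic rule: encryption is not mandatory, so connect anyway.
        if peer in self.seen_encrypted:
            # The client cannot tell a changed peer configuration from
            # interference with the negotiation; it can only report it.
            self.alerts.append(f"{peer}: cleartext fallback after earlier encrypted session")
        return CLEARTEXT


def replay(sessions):
    """Run a list of (peer, advertised_capabilities) and return levels and alerts."""
    client = OpportunisticClient()
    levels = [client.connect(peer, caps) for peer, caps in sessions]
    return levels, client.alerts


# Constructed sample sessions; names and capability sets are illustrative only.
SAMPLE_SESSIONS = [
    ("mail.example.net", {"ENCRYPT", "PIPELINE"}),   # offer seen: encrypted
    ("legacy.example.org", {"PIPELINE"}),            # never offered: plain fallback
    ("mail.example.net", {"PIPELINE"}),              # offer missing this time: alert
    ("mail.example.net", {"ENCRYPT"}),               # offer seen again: encrypted
]

if __name__ == "__main__":
    levels, alerts = replay(SAMPLE_SESSIONS)
    for (peer, _), level in zip(SAMPLE_SESSIONS, levels):
        print(f"{peer:20} {level}")
    for alert in alerts:
        print("ALERT:", alert)
```

The third session still connects in cleartext, which is the behaviour the article describes; the alert only records that the outcome differs from an earlier session with the same peer.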