[Gvpe] Idea

Alejandro Vargas alejandro.anv at gmail.com
Sun Aug 27 09:57:03 CEST 2006

I think it could be a good feature to add to gvpe support for pubkey servers.

This way, you could only create your own pub/private key pair, send
your pub key to the server, and all other people using the same server
will be able to connect with you with private traffic. With this, it
would be very easy to create a public encrypted network.

By allowing the use of multiple pubkey servers, you will be able to avoid
dependence on one server. Various servers could be mirrors, or the
user could register on many servers, and even, for corporate use,
the servers could be private and serve only a few keys.

The pubkeys are static (at least until their expiration), so gvpe
could download each pubkey only once (the first time it needs to
encrypt a packet to this host); then it could share these
"cached" keys, allowing other peers to use it as a key server if they
want to trust their info.

The key servers could associate the keys with the real ip/hostname (if
ip is dynamic), and gvpectrl, when creating the local private/public key,
could automatically upload it to all configured servers.

Key servers could also administer private ip addresses or mac
addresses of the hosts.

It would make it even easier to configure and use gvpe. If you want to
join the "public gvpe network" and even maintain communication with
some hosts, you could use iptables to block the others.

Alejandro Vargas

