[Freedombox-discuss] Hosting public services (was: Re: Bootstrapping a Freedombox contact list)

Tim Retout diocles at debian.org
Fri Nov 29 08:34:37 UTC 2013

On Fri, 2013-11-29 at 02:14 +0100, Anders Jackson wrote:
> Of course it does, but the communication between the devices are
> encrypted, so Tor, or something like that, on top of IPsec on IPv6
> will give you both secrecy and anonymity.

Yes; the point being that you need Tor as well as IPSec.

A small nitpick to check my understanding: even if you use Tor on IPSec,
it is possible to send traffic that will be unencrypted at the exit
nodes.  So your anonymity is assured, but not your secrecy.

> > Therefore, for the peer-to-peer element, I have come to believe that
> > governments should not able to see which other Freedomboxes you are
> > communicating with.  If we used IPSec, it would still be possible to
> > figure out who owned the addresses you were talking to.
> Government, what about ISP and other companies, like MS and Google?
> It is still possible to figure out which other Tor nodes you talk to.

And my assumption here is that knowing which Tor nodes you talk to is
uninteresting - they're not people you know personally, so it doesn't
matter who finds out.

I think we're talking cross-purposes slightly - let me restate what I
was trying to get at here:

There are two situations I'm trying to solve:

- Communication between Freedomboxes.  Here we can assume the existence
of any software like Tor, so I'm proposing Tor hidden services.  This
can be over IPv4 or IPv6, but you still need Tor.

- Communication with 3rd parties over various protocols, which needs you
to advertise a public service (like a mail server with port 25 open).
Here we want to interoperate with people who aren't using Tor, and may
be on either IPv4 or IPv6.  This is where we were talking about
Pagekite, except Pagekite doesn't do SMTP.

I hope that explains some of the statements in my previous mail.

> I can't see why that will be a problem other than the usual mess with
> NAT, double NAT and other problems you get with IPv4 when trying to
> put a server on internet.
> But machines usually need to have dual stack anyway, so you can still
> do that if you really need IPv4.
> But this is problems you don't have with IPv6, where you only need to
> open up the firewall and your server is public.
> For IPv4 to be able to reach IPv6 there are other solutions for doing
> that, like NAT64. You are not the first with a need like that. ;-) 

Yes, I hope I'm not the first. :)  Can you elaborate on how to offer
publically-available services that existing IPv4 mail servers could talk
to?  Does NAT64 have to be offered by your ISP?

Tim Retout <diocles at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20131129/107af044/attachment.sig>

More information about the Freedombox-discuss mailing list