John Mattsson wrote:
> Assuming breach like key compromise is an essential zero trust principle.
A problem is that even 12 years after Diginotar, many people still believe in PKI, which blindly trusts intermediate CAs of demonstrated-to-be-untrustworthy trusted third parties. People working for the PKI industry cannot accept the fact that PKI is not secure end to end. The reality is that zero trust security must rely on a shared secret shared directly between ends, which is end to end security.

> 3GPP is working hard to mitigate its PSK vulnerabilities with
> ECIES and ECDHE?

I can see no point in relying on EC, which is a lot lot lot less analyzed than linear N.
> - IP layer: While the transport layer and application layer have seen significant improvements such as QUIC and HTTP/3 and the link layer has seen improvements with MAC randomization, not much has happened at the Internet layer. IP addresses are still not only long-lived trackable identifiers, but they also reveal your location.
Wrong. IP mobility without triangle elimination hides your true IP address at least for a short period. The mobility triangle is a necessary cost to hide your location. You may even use, like onion routers, layered IP mobility. A possible improvement by IETF is to encrypt mobility messages.

Masataka Ohta