So, I always thought Apple has quite talented network engineers and PKI guys. Once again, I'm impressed.
The link below describes an ad-hoc personal VPN service, introduced to Mac OS X users 7 years ago. It neatly combines a few fundamental technologies: wide-area DNS-SD, IPsec, UPnP/NAT-PMP for NAT traversal, IPv6 and even Kerberos.
Mac owners can securely connect to their devices over the internet, wherever the devices are.
Downsides include sticking your current public IP address in DNS records, thus disclosing your current physical location. For attackers knowing your AppleID and hostname, at least.
And signed-DNS-over-TLS feels like overkill.
Oh, and did you know? Every Mac OS X installation runs a local Kerberos Key Distribution Center.
RFC 6281 - Understanding Apple's Back to My Mac (BTMM) Service
Jóhann B. Guðmundsson - 2014-01-03T13:10:43+0000
We should write an RFC and call it linux back to the future ( LBTTF ) ;)