From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.taht.net (mail.taht.net [IPv6:2a01:7e00::f03c:91ff:feae:7028]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id CDD073B2CA for ; Mon, 15 Feb 2016 14:12:51 -0500 (EST) Received: from dair-1314.lan (c-73-252-201-217.hsd1.ca.comcast.net [73.252.201.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.taht.net (Postfix) with ESMTPSA id 8DC1921309 for ; Mon, 15 Feb 2016 19:12:50 +0000 (UTC) To: cerowrt-devel@lists.bufferbloat.net From: =?UTF-8?Q?Dave_T=c3=a4ht?= X-Enigmail-Draft-Status: N1110 Message-ID: <56C22402.3080506@taht.net> Date: Mon, 15 Feb 2016 11:16:18 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Subject: [Cerowrt-devel] in the post-cisa world X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Feb 2016 19:12:51 -0000 I have been considering exiting the cloud as much as possible for my personal email in particular, and since storage tends to be expensive in the cloud, to keep that also locally for at least some stuff. Barrier #1 to doing that is that comcast blocks port 25 on residential links (I want to upgrade to business class after I can get a dedicated ipv6 allocation, which I hope they will start to offer soon. It is not clear if you can get both a dedicate ipv4 ip and ipv6 ip or just a dedicated ipv6) Even then, though, barrier #2 - the prospect of being a drive-by spam target - bothers me, so having a box in the cloud that can "turnaround" and rate limit stuff from port 25 there to my vpn here seemed ideal... except that good anti-spam requires that there be a reverse lookup on the origin ip and spf record that you lose that way, before you can get as far as starttls. I thought of maybe leveraging xnetd to do the rate limiting and turn around bits, and have it fire off some sort of script to do the verification, or/and now I'm looking over the "postscreen" utility in postfix - am allergic to store and forward... The folk doing darkmail seem to be making slow progress. ... As for vpn technologies, I have long longed to have one that was FQ-compatible: one that did not serialize different flows. Openvpn and ipsec are not particularly good that way. It has long looked like tinc 1.1 was ideal for hacking on (the idea is to listen and/or transmit on 1024 or more ipv6 addresses, and hash different flows across those with a cake equivalent internal to the daemon) There is a metric ton of other new technology like ipfs, maidsafe, etc - cheap two factor authentication devices - damned if I know what the future is going to look like. I played with whispersoft's stuff as well as silent circle's. Tox is pretty neat, just needs the groupchat stuff to finalize... (anyone trying that?) Etc.