I am really starting to get into learning about the #zerotrust security concept. I've also started reading a lot about #gnunet and attempts to create networks that act as an overlay or ride on top of existing infrastructure. The biggest hurdle seems to be metadata. GNUnet is doing some really interesting work on this front.
@ablackcatstail More people interested in zero trust networking is a great thing! User-to-app seems to be fairly well solved for with zero trust network access technologies. You can provision access to an app and its associated network attack surface with your identity stack, and do some security posture assessment too on connection to the app. App-to-app is only partially solved for: microsegmentation solutions can enable trust for a workload to participate in a network with a set of east-west network policy that trusts the workload, but the posture/trust assessment isn't generally on each east-west connection. I've heard of solutions that claim it but haven't seen them in operation yet in enterprise customers.
@ablackcatstail @mhackling GNUnet appears to have solved exactly this with R5 DHT and CADET. The endpoint discovery and transport is completely oblivious to the application-level content being sent around. Everyone is dead-dropping for everyone else. And if you really, really don't want to transfer somebody's dirty stuff, you can stick to the friend-to-friend network overlay and restrict peering to those you trust.