mlls is project by [AndrewGriffiths] to encrypt packets over the datalink layer, using possibly rsa+rsa+dh. The RSA part kinda not sure about now, cause ofthe work (http://www.cr.yp.to/ DJB) is doing.

The RSA+RSA+DH part ensures perfect future security (I'm not sure if thats the exact term), because if someone breaks in and steals the longterm RSA key, doesn't mean they can read anything that was encrypted before, and anything encrypted after, (due to the once-only RSA key, and once-only DH key.).

The DH key exchange means no key is needed between connecting parties. Authenication is provided through the use of RSA and challenging. (Well, it double challenges. Each side provides part of the challenge. This prevents the evil server attack, and makes it highly unlikely  someone can replay an signed challenge.)

At the moment, I think I will make it so it opens (effectively) a point-to-point encrypted tunnel between people, so the routing table in the OS, might be something like,

 '''IP range''' - - - - '''Interface''' %%%
 
 192.168.2.0/24 - eth0 %%%
 192.168.2.3/32 - tun0 %%%
 192.168.2.7/32 - tun1 %%%

Since routing is chosen on best match, the correct interface will be picked for sending out.

This technique is portable to Linux, FreeBSD, and Solaris using the TUN/TAP module. If other people using other OS's want to use this, I can prolly make a workaround for TUN/TAP, and use (http://www.packetfactory.com Libnet) and (http://www.tcpdump.org libpcap).