From: Dean Willis <dean.willis <at> softarmor.com>
Subject: Re: [ietf-privacy] wrt tcpcrypt and obscrypt
Newsgroups: gmane.ietf.obscurity
Date: Friday 8th April 2011 04:01:47 UTC (over 6 years ago)
On Mar 30, 2011, at 12:49 PM, =JeffH wrote:

> > 1) We should try to drive the widespread use of encryption. This makes
> > encrypted real-time channels (and other things that benefit from security)
> > stand out less than they otherwise might. The general principle is that good
> > network citizens, along with sharing the net gracefully, should help their
> > neighbors hide from attacks.
> >
> > Along these lines, we'd like to encourage the IETF to NOT develop more
> > protocols with encrypted and unencrypted variants. Unless protocols NEED to
> > be unencrypted, they need to be protected. We should also encourage
> > deprecation of the current unencrypted variants.
> >
> >
> > Everybody should look at the "tcpcrypt" draft. This has the potential to
> > opportunistically encrypt applications using TCP and nicely augments TCP
> > applications. It might be possible to do something similar for UDP.
> 
> In terms of the latter, I believe you mean..
> 
> draft-bittau-tcp-crypt-00
> 
> see also: http://tcpcrypt.org/
> 
> I've played with the impl on linux and it apparently worked. (I left
> comment #46 here: http://tcpcrypt.org/fame.php )
> 


Yes, that's the one. I talked it over with co-author Mark Handley while in
Prague. He had so far not done much to socialize the draft, but was
starting to talk about it some during the meeting. I also discussed it
with EKR, who didn't seem to see much of an advantage over TLS.

> 
> there's also this similar work to take a look at..
> 
> Opportunistic Encryption Everywhere - Adam Langley
> http://w2spconf.com/2009/papers/s1p2.pdf
> 
> https://secure.wikimedia.org/wikipedia/en/wiki/Obfuscated_TCP
> 
> 

Good reference. Thanks!

> AdamL brought his stuff up on the tcp list (not sure offhand of exact
> list moniker) and it got shot down (so he felt, but he didn't try for more
> than just 3 days to get acceptance... :)
> 

It's hard to get stuff past the TLS lobby, I think.

--
Dean
 