[cap-talk] TCP encryption

Sandro Magi naasking at higherlogics.com
Thu Jul 22 07:58:13 PDT 2010


Might be of wider interest to those lamenting the security of open networks:

http://people.csail.mit.edu/costan/readings/usenix_papers/Bittau.pdf

The case for ubiquitous transport-level encryption

Today, Internet traffic is encrypted only when deemed necessary.
Yet modern CPUs could feasibly encrypt most traffic. Moreover, the cost
of doing so will only drop over time. Tcpcrypt is a TCP extension
designed to make end-to-end encryption of TCP traffic the default, not
the exception. To facilitate adoption tcpcrypt provides backwards
compatibility with legacy TCP stacks and middleboxes. Because it is
implemented in the transport layer, it protects legacy applications.
However, it also provides a hook for integration with application-layer
authentication, largely obviating the need for applications to encrypt
their own network traffic and minimizing the need for duplication of
functionality. Finally, tcpcrypt minimizes the cost of key negotiation
on servers; a server using tcpcrypt can accept connections at 36 times
the rate achieved using SSL.
