[cap-talk] TCP encryption
naasking at higherlogics.com
Thu Jul 22 07:58:13 PDT 2010
Might be of wider interest to those lamenting the security of open networks:
The case for ubiquitous transport-level encryption
Today, Internet traffic is encrypted only when deemed necessary. Yet modern CPUs could feasibly encrypt most traffic. Moreover, the cost of doing so will only drop over time. Tcpcrypt is a TCP extension designed to make end-to-end encryption of TCP traffic the default, not the exception. To facilitate adoption tcpcrypt provides backwards compatibility with legacy TCP stacks and middleboxes. Because it is implemented in the transport layer, it protects legacy applications. However, it also provides a hook for integration with application-layer authentication, largely obviating the need for applications to encrypt their own network traffic and minimizing the need for duplication of functionality. Finally, tcpcrypt minimizes the cost of key negotiation on servers; a server using tcpcrypt can accept connections at 36 times the rate achieved using SSL.
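The abstract's "hook for integration with application-layer authentication" rests on one idea: the transport layer does an unauthenticated key agreement and hands the application a per-connection session identifier that both honest endpoints derive identically, and the application then proves knowledge of that identifier under whatever credential it already has. The toy model below is an added illustration written for this post, not tcpcrypt's code or API: the Diffie-Hellman group, the way the session ID is hashed from the exchange, and the password-keyed HMAC used as the application-layer proof are all constructed for the example. It shows why binding the application's proof to the session ID matters: an active interceptor who terminates the key exchange on both sides leaves the endpoints with different session IDs, so the proof no longer verifies even though the interceptor never needed the password.

```python
"""Toy model of transport-level key agreement plus application-layer
authentication of the resulting session ID. Added illustration for the
cap-talk post; parameters and API are invented here, not tcpcrypt's."""
import hashlib
import hmac
import secrets

# Constructed Diffie-Hellman group for illustration only; far too small for real use.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Return (private, public) for one endpoint."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_id(priv, own_pub, peer_pub):
    """Derive the per-connection session ID: a hash over the shared secret and
    both public values, ordered so each honest endpoint computes the same bytes.
    A party that terminates the exchange itself ends up with a different ID."""
    shared = pow(peer_pub, priv, P)
    a, b = sorted((own_pub, peer_pub))
    data = (b"sid" + shared.to_bytes(16, "big")
            + a.to_bytes(16, "big") + b.to_bytes(16, "big"))
    return hashlib.sha256(data).digest()


def handshake():
    """Honest exchange: each side sees the other's real public value.
    Returns (client_session_id, server_session_id)."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    return session_id(c_priv, c_pub, s_pub), session_id(s_priv, s_pub, c_pub)


def handshake_intercepted():
    """Exchange relayed through an active interceptor that runs a separate key
    agreement toward each side. Neither endpoint can tell at this layer, but
    their session IDs no longer match."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()  # interceptor's key pair, presented to both sides
    return session_id(c_priv, c_pub, m_pub), session_id(s_priv, s_pub, m_pub)


def auth_tag(password, sid, role):
    """Application-layer proof bound to this connection: HMAC over the session ID.
    (Password-keyed HMAC is a constructed choice for the example.)"""
    return hmac.new(password, role + sid, hashlib.sha256).digest()


def verify_tag(password, sid, role, tag):
    """Recompute the tag under the verifier's own session ID; constant-time compare."""
    return hmac.compare_digest(auth_tag(password, sid, role), tag)


def mutual_auth(client_password, server_password, client_sid, server_sid):
    """True only if each side accepts the other's tag under its own session ID.
    A mismatch in either the password or the session ID fails the check."""
    c_tag = auth_tag(client_password, client_sid, b"client")
    s_tag = auth_tag(server_password, server_sid, b"server")
    return (verify_tag(server_password, server_sid, b"client", c_tag)
            and verify_tag(client_password, client_sid, b"server", s_tag))


if __name__ == "__main__":
    c_sid, s_sid = handshake()
    print("honest exchange, same session ID:", c_sid == s_sid)
    print("honest exchange, app auth passes:", mutual_auth(b"pw", b"pw", c_sid, s_sid))
    c_sid, s_sid = handshake_intercepted()
    print("intercepted exchange, same session ID:", c_sid == s_sid)
    print("intercepted exchange, app auth passes:", mutual_auth(b"pw", b"pw", c_sid, s_sid))
```

The design point is that the transport layer never has to know who the peers are; it only has to produce a value that an interposed party cannot make identical on both sides. Any existing application credential (a password here, a signature key or certificate in general) then authenticates the connection by covering that value, which is what lets legacy encryption-free applications keep their own authentication while still getting confidentiality from the transport.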