Re: [obscurity-interest] [ietf-privacy] wrt tcpcrypt and obscrypt

Dean Willis <dean.willis@softarmor.com> Fri, 08 April 2011 04:00 UTC

References: <4D936D36.5020709@KingsMountain.com>
In-Reply-To: <4D936D36.5020709@KingsMountain.com>
Message-Id: <BA8D6F6E-C927-480B-95FB-211B26F377DC@softarmor.com>
From: Dean Willis <dean.willis@softarmor.com>
Date: Thu, 07 Apr 2011 23:01:47 -0500
To: =JeffH <Jeff.Hodges@KingsMountain.com>
Cc: ietf-privacy@ietf.org, obscurity-interest@ietf.org
Subject: Re: [obscurity-interest] [ietf-privacy] wrt tcpcrypt and obscrypt

On Mar 30, 2011, at 12:49 PM, =JeffH wrote:

> > 1) We should try to drive the widespread use of encryption. This makes
> > encrypted real-time channels (and other things that benefit from security)
> > stand out less than they otherwise might. The general principle is that good
> > network citizens, along with sharing the net gracefully, should help their
> > neighbors hide from attacks.
> >
> > Along these lines, we'd like to encourage the IETF to NOT develop more
> > protocols with encrypted and unencrypted variants. Unless protocols NEED to
> > be unencrypted, they need to be protected. We should also encourage
> > deprecation of the current unencrypted variants.
> >
> >
> > Everybody should look at the "tcpcrypt" draft. This has the potential to
> > opportunistically encrypt applications using TCP and nicely augments TCP
> > applications. It might be possible to do something similar for UDP.
> 
> In terms of the latter, I believe you mean..
> 
> draft-bittau-tcp-crypt-00
> 
> see also: http://tcpcrypt.org/
> 
> I've played with the impl on linux and it apparently worked. ( I left comment #46 here: http://tcpcrypt.org/fame.php )
> 


Yes, that's the one. I talked it over with co-author Mark Handley while in Prague. He had so far not done much to socialize the draft, but was starting to talk about it some during the meeting. I also discussed it with EKR, who didn't seem to see much of an advantage over TLS.

> 
> there's also this similar work to take a look at..
> 
> Opportunistic Encryption Everywhere - Adam Langley
> http://w2spconf.com/2009/papers/s1p2.pdf
> 
> https://secure.wikimedia.org/wikipedia/en/wiki/Obfuscated_TCP
> 
> 

Good reference. Thanks!

> AdamL brought his stuff up on the tcp list (not sure offhand of exact list moniker) and it got shot down (so he felt, but he didn't try for more than just 3 days to get acceptance... :)
> 

It's hard to get stuff past the TLS lobby, I think.

--
Dean