[obscurity-interest] wrt tcpcrypt and obscrypt

=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 30 March 2011 17:48 UTC

Message-ID: <4D936D36.5020709@KingsMountain.com>
Date: Wed, 30 Mar 2011 10:49:42 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: obscurity-interest@ietf.org
Cc: ietf-privacy@ietf.org
Subject: [obscurity-interest] wrt tcpcrypt and obscrypt

 > 1) We should try to drive the widespread use of encryption. This makes
 > encrypted real-time channels (and other things that benefit from security)
 > stand out less than they otherwise might. The general principle is that good
 > network citizens, along with sharing the net gracefully, should help their
 > neighbors hide from attacks.
 >
 > Along these lines, we'd like to encourage the IETF to NOT develop more
 > protocols with encrypted and unencrypted variants. Unless protocols NEED to
 > be unencrypted, they need to be protected. We should also encourage
 > deprecation of the current unencrypted variants.
 >
 >
 > Everybody should look at the "tcpcrypt" draft. This has the potential to
 > opportunistically encrypt applications using TCP and nicely augments TCP
 > applications. It might be possible to do something similar for UDP.

In terms of the latter, I believe you mean..

draft-bittau-tcp-crypt-00

see also: http://tcpcrypt.org/

I've played with the impl on Linux and it apparently worked. (I left comment
#46 here: http://tcpcrypt.org/fame.php)


there's also this similar work to take a look at..

Opportunistic Encryption Everywhere - Adam Langley
http://w2spconf.com/2009/papers/s1p2.pdf

https://secure.wikimedia.org/wikipedia/en/wiki/Obfuscated_TCP


AdamL brought his stuff up on the tcp list (not sure offhand of exact list 
moniker) and it got shot down (so he felt, but he didn't try for more than just 
3 days to get acceptance... :)


HTH,

=JeffH