On Tue, Jun 21, 2011 at 5:38 PM, James A. Donald <jam...@echeque.com> wrote: > The time is long overdue for an encryption protocol that is not layered on > top of tcp, and which has protocol negotiation built in.
It's called IPsec (KEs + ESP[/AH]). Unfortunately you kinda need an implementation of RFC5660 in order for IPsec to be useful for protecting whole packet flows consistently. IPsec is another example of where a lack of abstract APIs hindered development of the technology. Without APIs applications can't rely on IPsec, thus IPsec gets relegated to use cases where configuration suffices, which mostly are VPN use cases. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography