Obfuscated TCP (which has surfaced on this list before) has now been released in its third iteration[1]. For those who may remember it from iterations past, much has changed[2].
Obfuscated TCP is intended to encourage opportunistic encryption for all TCP connections, but concentrating on HTTP at first. The name is historical now and a bit of a misnomer since it is now entirely a userspace concern.

Brief summary: Public values are encoded in the CNAMEs of webservers (for example `dig obstcp.imperialviolet.org`). The CNAME contains an "advert" which encodes, along with the public value, an alternative port number. Capable browsers can fetch the CNAME using the standard gethostbyname(3) function and connect to the alternative port, sending their own public value followed by an encrypted stream of data. The public values are points on an elliptic curve and EC Diffie-Hellman is used for key agreement.

Status: The core library is working as described and stable, if a little untested. Patches to Firefox and lighttpd are stable and functional. Patches to Apache are functional, but less stable.

Comments welcome, testing even more so.

Cheers

AGL

[1] http://code.google.com/p/obstcp/
[2] http://code.google.com/p/obstcp/wiki/History

--
Adam Langley [EMAIL PROTECTED] http://www.imperialviolet.org
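
The key agreement summarised in the message above, as an added Python example that is not part of the original post or of the obstcp code. The advert layout (`make_advert`/`parse_advert`), the choice of X25519 as the curve, the SHA-256 key derivation and port 8443 are all assumptions made for illustration; the stream encryption that follows the handshake is not shown.

```python
# Added illustration: advert layout, curve and KDF are assumptions, not obstcp's format.
import base64, hashlib

P = 2**255 - 19                    # Curve25519 field prime
BASE = (9).to_bytes(32, "little")  # standard base point u = 9

def x25519(k, u):
    """RFC 7748 Montgomery ladder. Not constant-time: illustration only."""
    n = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def make_advert(port, public):
    """Hypothetical label: 4 hex digits of port + unpadded base32 key (56 chars, under the 63-char DNS label limit)."""
    if not 0 < port < 65536 or len(public) != 32:
        raise ValueError("bad port or public value")
    return f"{port:04x}" + base64.b32encode(public).decode().rstrip("=").lower()

def parse_advert(label):
    """Client side: validate the label taken from the CNAME before using it."""
    if len(label) != 56:
        raise ValueError("bad advert length")
    port = int(label[:4], 16)                              # ValueError on non-hex
    public = base64.b32decode(label[4:].upper() + "====")  # ValueError on bad base32
    if port == 0:
        raise ValueError("bad port")
    return port, public

def session_key(private, peer_public):
    """ECDH, rejecting the all-zero result that low-order peer values produce."""
    shared = x25519(private, peer_public)
    if shared == bytes(32):
        raise ValueError("low-order public value")
    return hashlib.sha256(shared).digest()

if __name__ == "__main__":
    srv, cli = bytes(range(32)), bytes(range(32, 64))  # constructed keys, not secret
    port, srv_pub = parse_advert(make_advert(8443, x25519(srv, BASE)))
    print(port, session_key(cli, srv_pub) == session_key(srv, x25519(cli, BASE)))
```

An advert fetched over plain DNS is unauthenticated, so a key derived this way protects against passive eavesdropping only.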
