Forgot your password?
typodupeerror
Google Encryption Security The Internet Your Rights Online

Google's Obfuscated TCP 12

Posted by kdawson
from the third-time's-the-charm dept.
agl42 writes "Obfuscated TCP is attempting to provide a cheap opportunistic encryption scheme for HTTP. Though SSL has been around for years, most sites still don't use it by default. By providing a less secure, but computationally and administratively cheaper, method of enctyption, we might be able to increase the depressingly small fraction of encrypted traffic on the Internet. There's an introduction video explaining it."
This discussion has been archived. No new comments can be posted.

Google's Obfuscated TCP

Comments Filter:
  • No responses (Score:3, Interesting)

    by owlstead (636356) on Tuesday October 07, 2008 @06:07PM (#25292759)

    Any reason why there are no responses here? Have they been obfuscated somehow?
     

  • See, it already works! It changed encrypted to enctypted. There. Fixed that for ya.
  • Brilliant Idea (Score:1, Interesting)

    by Anonymous Coward

    If this were to make it into the regular version of Firefox or Apache then it would be really useful, but it truly belongs in the kernel's TCP/IP stack.

  • Is anybody else getting the feeling that this is a little half-baked?

    Why could we not fix some of the cost/uptake issues with SSL to encourage broader uptake rather than implement some broadly unsupported kludge that provides minimal benefit??
    • by OldeClegg (32696)

      > fix some of the cost/uptake issues with SSL

      Yep. Perhaps even (oh, heaven forfend!) publicly administered certs.

      • by USPTO (1266948)
        Spin off the authentication part of SSL from the encryption part, and roll the encryption part into an http extension. Patch apache and firefox with the extension and see the fraction of encrypted traffic on the Internet go from depressingly small to impressively significant.
  • Extra security (Score:2, Informative)

    by DaVince21 (1342819)
    I foresee this bringing extra security to already secured sites too. Nice.
    What would the general extra overhead be when this is implemented into TCP, though?
  • Thank you - something of this sort is essential for the semantic web to work as envisaged by Berners-Lee - ubiquitous osfuscation/encryption ensuring trust in the medium carrying the knowledge. With Moore's law, there are good prospects for making tcp have strong inbuilt security. I've long thought that some of the mechanisms in use (SSL, Cookies..) are at too high a level in the stack. So I review this as the start of a much-need re-factoring. Kudos !

I've never been canoeing before, but I imagine there must be just a few simple heuristics you have to remember... Yes, don't fall out, and don't hit rocks.

Working...