Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Obfuscated TCP

Posted by kdawson on from the third-time's-the-charm dept.

agl42 writes "Obfuscated TCP is attempting to provide a cheap opportunistic encryption scheme for HTTP. Though SSL has been around for years, most sites still don't use it by default. By providing a less secure, but computationally and administratively cheaper, method of enctyption, we might be able to increase the depressingly small fraction of encrypted traffic on the Internet. There's an introduction video explaining it."

12 comments

  1. Multimedia meltdown... the tough times have hit. by Anonymous Coward · · Score: 0

    "Introduction Video" Where's the comic book?

  2. No responses by owlstead · · Score: 2, Interesting

    Any reason why there are no responses here? Have they been obfuscated somehow?
     

  3. kdawsonfud by Anonymous Coward · · Score: 0

    Maybe KDawson has been obfuscated, to the sidebar, by the other Slashdot team members. Probably because he's posted so much FUD in the past that the other editors don't trust him anymore.

  4. Not obfuscated, but... by DP1149 · · Score: 1

    See, it already works! It changed encrypted to enctypted. There. Fixed that for ya.

  5. Brilliant Idea by Anonymous Coward · · Score: 1, Interesting

    If this were to make it into the regular version of Firefox or Apache then it would be really useful, but it truly belongs in the kernel's TCP/IP stack.

  6. wait...what? by anthonys_junk · · Score: 1

    Is anybody else getting the feeling that this is a little half-baked?

    Why could we not fix some of the cost/uptake issues with SSL to encourage broader uptake rather than implement some broadly unsupported kludge that provides minimal benefit??

    --
    Barbara Felden claims prior art on the flip phone, sues Motorola, Nokia.
    1. Re:wait...what? by OldeClegg · · Score: 1

      > fix some of the cost/uptake issues with SSL

      Yep. Perhaps even (oh, heaven forfend!) publicly administered certs.

    2. Re:wait...what? by USPTO · · Score: 1

      Spin off the authentication part of SSL from the encryption part, and roll the encryption part into an http extension. Patch apache and firefox with the extension and see the fraction of encrypted traffic on the Internet go from depressingly small to impressively significant.

  7. Extra security by DaVince21 · · Score: 2, Informative

    I foresee this bringing extra security to already secured sites too. Nice.
    What would the general extra overhead be when this is implemented into TCP, though?

    --
    I am not devoid of humor.
  8. Host by google, not "Google's" by Anonymous Coward · · Score: 0

    alpha project bla, yea there's a monopoly on certs is the real problem not a technical limitation. Look at how many mail servers to TLS where possible.

  9. An Essential Development by maharg · · Score: 1

    Thank you - something of this sort is essential for the semantic web to work as envisaged by Berners-Lee - ubiquitous osfuscation/encryption ensuring trust in the medium carrying the knowledge. With Moore's law, there are good prospects for making tcp have strong inbuilt security. I've long thought that some of the mechanisms in use (SSL, Cookies..) are at too high a level in the stack. So I review this as the start of a much-need re-factoring. Kudos !

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.