Google's Obfuscated TCP

← Back to Stories (view on slashdot.org)

Posted by kdawson on Monday October 6, 2008 @12:53PM from the third-time's-the-charm dept.

agl42 writes "Obfuscated TCP is attempting to provide a cheap opportunistic encryption scheme for HTTP. Though SSL has been around for years, most sites still don't use it by default. By providing a less secure, but computationally and administratively cheaper, method of enctyption, we might be able to increase the depressingly small fraction of encrypted traffic on the Internet. There's an introduction video explaining it."

8 of 12 comments (clear)

Min score:

Reason:

Sort:

No responses by owlstead · 2008-10-07 10:07 · Score: 2, Interesting

Any reason why there are no responses here? Have they been obfuscated somehow?
Not obfuscated, but... by DP1149 · 2008-10-07 11:16 · Score: 1

See, it already works! It changed encrypted to enctypted. There. Fixed that for ya.
Brilliant Idea by Anonymous Coward · 2008-10-07 11:59 · Score: 1, Interesting

If this were to make it into the regular version of Firefox or Apache then it would be really useful, but it truly belongs in the kernel's TCP/IP stack.
wait...what? by anthonys_junk · 2008-10-07 18:12 · Score: 1

Is anybody else getting the feeling that this is a little half-baked?

Why could we not fix some of the cost/uptake issues with SSL to encourage broader uptake rather than implement some broadly unsupported kludge that provides minimal benefit??

--
Barbara Felden claims prior art on the flip phone, sues Motorola, Nokia.
1. Re:wait...what? by OldeClegg · 2008-10-07 19:21 · Score: 1
  
  > fix some of the cost/uptake issues with SSL
  Yep. Perhaps even (oh, heaven forfend!) publicly administered certs.
2. Re:wait...what? by USPTO · 2008-10-07 23:20 · Score: 1
  
  Spin off the authentication part of SSL from the encryption part, and roll the encryption part into an http extension. Patch apache and firefox with the extension and see the fraction of encrypted traffic on the Internet go from depressingly small to impressively significant.
Extra security by DaVince21 · 2008-10-08 00:49 · Score: 2, Informative

I foresee this bringing extra security to already secured sites too. Nice.
What would the general extra overhead be when this is implemented into TCP, though?

--
I am not devoid of humor.
An Essential Development by maharg · 2008-10-11 00:44 · Score: 1

Thank you - something of this sort is essential for the semantic web to work as envisaged by Berners-Lee - ubiquitous osfuscation/encryption ensuring trust in the medium carrying the knowledge. With Moore's law, there are good prospects for making tcp have strong inbuilt security. I've long thought that some of the mechanisms in use (SSL, Cookies..) are at too high a level in the stack. So I review this as the start of a much-need re-factoring. Kudos !

--

$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.