Google's Obfuscated TCP
agl42 writes "Obfuscated TCP attempts to provide a cheap opportunistic encryption scheme for HTTP. Though SSL has been around for years, most sites still don't use it by default. By providing a less secure, but computationally and administratively cheaper, method of encryption, we might be able to increase the depressingly small fraction of encrypted traffic on the Internet. There's an introduction video explaining it."
Why?
If you watch the "video", one of their explicit points (#2) is that the user shouldn't be informed of this. This will not trigger the little security lock icon. From a user's point of view, you shouldn't be able to tell if the web server you are connected to is unsecured or secured with this little bit of obfuscation.
This isn't for real security, it's to make simple sniffing harder. As the video puts it, it simply raises the bar for someone who wants to read other people's traffic.
It seems like a very good idea to me. It sounds quite intelligent (from what I know of TCP/IP, etc). Some protocols would need changes (protocols where there is one connection and it isn't dropped would need some way to communicate that the encryption is OK during the first (and possibly only) connection).
Either way, it sounds like quite an improvement over what we have now.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
There's an ambiguity to SSL certs. They do two things at once. They 1) prove that the person who has the cert is that person through a certificate authority and they 2) provide for encryption. Why not simply have grades of SSL? A self-signed cert could then allow encryption and, say, perhaps show a yellow padlock, whereas a CA-signed cert could provide for encryption and provide CA authentication and give a green padlock or whatever. What's so freaking difficult about that?
Or distinguish between "authenticated" and "encrypted"?
Or finally admit that maybe there are more shades of grey than "secure" and "insecure" when it comes to sending and fetching data over the Internet?