Tcpcrypt (http://tcpcrypt.org/) proposes a new extension to TCP to enable opportunistic encryption with optional authentication. From a features and performance perspective, it's probably exactly what we need to get away from the almost-everything-in-the-clear Internet that we have today.
Unfortunately, it won't interact well with tor as tor is today: It's a TCP level technique and with tor the TCP sessions don't cross the network. This means it would provide security between an exit and the destination but not end to end security. I spent a little time thinking about this and trying to figure out if there were some socket options that could be added to tcpcrypt in order to make it run in a purely proxy mode where the data is end to end encrypted but the TCP still runs on the exit. However, I don't think this is possible: It integrates deeply with the TCP state machine. For example, it uses TCP's sequence numbers as the counter and replay prevention. It also uses TCP retransmission (with it's own MAC) to deal with forged data. I don't like the idea that a future layer-3 transport in tor is the solution to this: Today tor gains a lot of fingerprinting immunity by isolating the layer 3/4 and it's also nice that the tor software doesn't need access to weird raw sockets so that it can inject packets. So perhaps someone smarter than I can see a way that tor could gain end to end crypto in a world using tcpcrypt, perhaps with some changes to tcpcrypt? *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/