[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Obfuscated TCP: looking for testers

To: or-talk@xxxxxxxxxxxxx
Subject: Obfuscated TCP: looking for testers
From: "Adam Langley" <agl@xxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Jul 2008 10:44:05 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 23 Jul 2008 13:44:12 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=jX8Whj7uZxjkD7sxqAx6Qa9DtMwtn2GfS2yXgztuL04=; b=xO8Y1FLWwHZDlg8VyxpG0NSEA0AJGAYpFTw9PBdizym5K+QLJZJ5bsHijPdYGDFIVg 8CMnnMmyQLQCk7RMCAKbieH9in2nlv/3tlaiEknfKbUfatFAnfuJQH13xkSbk6Phof0o hlJaZ5E4fSdAlUxesw+9pUF/s/bmbKhKGaOPg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=DOPrVYmk4p7VA4ZfaZcJh70rA47Nj/1LF4MPEb16sx6mOezFCGqqetB9Hm7juNqK+m +BvhxxdljN6ru6BUOJ0U+KTEsbMsoygrWfVU6LegmYivs5Pffm0IYrcQ3YeWOcdRh3Hp wgMbgUt/mhHhygoTVsxagwiTdC/View2iUO14=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Obfuscated TCP is a backwards-compatible modification to the TCP
protocol which adds opportunistic encryption. It's designed to hamper
and detect large-scale wiretapping and corruption of TCP traffic on
the Internet [1]

TLS is the solution to protecting sensitive information. However,
there's room for a low setup cost protocol to protect the bulk of
traffic which isn't currently encrypted. It can't stop a focused
attack, but it can assuage untargeted, dragnet sniffing of backbones
and spoofing of RST packets.

I figure that Tor users might be the kind of technically inclined
folks who might want to help out by testing this even though I've not
written any Tor code in quite a while. Note that, since obstcp has a
kernel component, you'd need to be able to patch and rebuild a kernel.

All the information is at: http://code.google.com/p/obstcp/wiki/Testing

Also, I'll be on #obstcp on OFTC today


Cheers,


[1] http://code.google.com/p/obstcp/

-- 
Adam Langley agl@xxxxxxxxxxxxxxxxxx http://www.imperialviolet.org

Prev by Author: Re: [OT] base64 messages
Next by Author: Is tor being slowed up to ~20ms per hop by TCP delayed ACK?
Previous by thread: Re: DNS queries through the Tor network
Next by thread: 0.2.1.2-alpha failing to upload descriptor updates automatically
Index(es):
- Author
- Thread