[liberationtech] Defeating massive wiretapping with opportunistic, unauthenticated encryption in HTTP ?
adrelanos
adrelanos at riseup.net
Sat Oct 26 04:37:23 PDT 2013
Fabio Pietrosanti (naif):
> I know that this kind of argument attracts crypto-trolling ("Javascript
> encryption" and "Unauthenticated encryption" and "Opportunistic
> encryption")
I hope we can put that aside.
> but I think that it's worth discussing because it could be
> a revolutionary approach to challenge massive wiretapping.
Sure! It would raise the bar. Require active attacks. Passive
eavesdropping would no longer do it. Therefore we should definitely go
for it.
Selling "we must actively attack all traffic so we can read it" to
citizens seems much more difficult than selling "we just passively
eavesdrop on what is unencrypted".
> What do various people think about this approach?
What about tcpcrypt? It does all that?
Its concept should be fine?
Not sure about its implementation. Efforts stalled? Care to contact them?
tcpcrypt could encrypt any TCP, not just browser/web. I would be even
more happy about IPcrypt, opportunistic unauthenticated encryption built
into the Linux kernel.
[1] http://tcpcrypt.org/
[2] https://en.wikipedia.org/wiki/Tcpcrypt