Obfuscated TCP is an idea I've been following for a while. As we all know, commodity Internet traffic is transmitted in plaintext and readable for anyone who has access to tha part of tha tubes where ur precious infoz are flowin'.
The most common solutions for ensuring privacy are SSL/TLS, which aim to solve a number of problems simultaneously, including secure encrypted communication and identity validation, which further enhances security by attempting to prevent MITM attacks and so forth.
However, identity verification works only as well as you can trust the person doing the verification (see Zooko's triangle) and the best assurances we have that someone is who they claim to be come only from the fact that they've paid a trusted individual to vouch for them. What kind of trust is that?
Obfuscated TCP doesn't try to solve the identity problem or MITM attacks (although the latter can potentially be solved in conjunction with obstcp using technologies like DNSSEC and DNSCurve).
Instead, Obfuscated TCP, in its latest incarnation, uses DNS to determine if a particular host offers Obfuscated TCP, and if so opens a connection with it. Obfuscated TCP just encrypts your connection. There's no certificate chain. There are no popups warning you of invalid identities. If someone wants to MITM you they still can (but of course that applies just as much to plaintext TCP). All Obfuscated TCP aims to do is provide the simplest way of encrypting your traffic seamlessly so as to prevent third-party snooping.
So what do you think? Good idea? Bad idea?