Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Defeating massive wiretapping with opportunistic, unauthenticated encryption in HTTP ?

adrelanos adrelanos at riseup.net
Sat Oct 26 04:37:23 PDT 2013


Fabio Pietrosanti (naif):
> I know that this kind of argument attract crypto-trolling ("Javascript
> encryption" and "Unauthenticated encryption" and "Opportunistic
> encryption")

I hope we can put that aside.

> but i think that it's worth discussing because it could be
> a revolutionary approach to challenge massive wiretapping.

Sure! It would higher the bar. Require active attacks. Passive
eavesdropping would no longer do it. Therefore we should definitively go
for it.

Selling "we must actively attack all traffic so we can read it" to
citizen seems much more difficult than selling "we just passively
eavesdrop on what is unencrypted".

> What does various people think about this approach?

What about tcpcrypt? It does all that?

Its concept should be fine?

Now sure about its implementation. Efforts stalled? Care to contact them?

tcpcrypt could encrypt any tcp, not just browser/web. I would be even
more happy about IPcrypt, opportunistic unauthenticated encryption built
into the Linux kernel.

[1] http://tcpcrypt.org/
[2] https://en.wikipedia.org/wiki/Tcpcrypt




More information about the liberationtech mailing list