Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!news.kei.com!newsfeed.internetmci.com!nntp-hub2.barrnet.net!nntp-hub3.barrnet.net!mars.hyperk.com!darkstar!cmott
From: Charles Mott <cmott@srv.net>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: TCP Encryption, part 2
Date: Sun, 29 Sep 1996 12:59:22 -0600
Organization: SRVnet, Inc.
Lines: 42
Message-ID: <Pine.BSF.3.91.960929121424.16142A-100000@darkstar>
NNTP-Posting-Host: ras87.srv.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: cmott@darkstar

Orthodox opinion states that encryption should be in the application layer and not the transport layer. My counter-argument is that there is value in having a first layer of security embedded as an option in TCP. For instance, if I connected to an http or anonymous ftp server supporting a common transport layer encryption standard, it would be considerably more difficult for a snooper to see what material I was downloading.

The point is to add some privacy to routine communications that we are not overly concerned about. It is like preventing someone from rummaging through your trash for various slips of paper, each one insignificant, but together telling a story about yourself, your family, your friends, your work or your personal interests.

For truly secure communications, an application layer solution is necessary, but I think it would be highly desirable for routine telnet, ftp, smtp, gopher and http connections to have some degree of security. Also, any other applications would automatically be encrypted without having to add special code.

If we consider the North American AMPS cell phone standard, all conversations are available, in the clear, to anyone with an appropriate hand held scanner. An analogous state of affairs exists for the great majority of internet traffic.
I think that a well thought out, operationally efficient, tcp encryption standard would benefit network users. I think the FreeBSD community, being small but widespread, would be a good starting place for such development. If there is a core group of users who agree with my viewpoint, I am willing to do the development work. Those who have used my user ppp masquerading software (http://ww.srv.net/~cmott/alias.html) will know that I am serious.

A tcp encryption option would not entail very much code (maybe 300 to 500 lines), but the basic concept has to be well thought out before coding. To that end, I am willing to set up a web page, where various ideas can be collected, and eventually a coherent design can be outlined. Again, the initiation of this project depends on a core group of users being interested and willing to contribute ideas and help in testing.

Charles Mott