tcpcrypt

TCP layer encryption:

Tcpcrypt is opportunistic encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be in clear text. Thus, Tcpcrypt alone provides no guarantees—it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.

I find the idea of pushing encryption down to lower layers of the stack really appealing. Why limit crypto to just HTTPS? Why not all of my TCP traffic?

There is no doubt that deploying something like this will bring up more issues and questions. If this is a good long-term solution, though, the sooner we face those questions and issues, the better.