|
Obfuscated TCP (ObsTCP) was a proposal for a transport layer protocol that implements opportunistic encryption over TCP. It was designed to prevent mass wiretapping and malicious corruption of TCP traffic on the Internet, with lower implementation cost and complexity than TLS. In August 2008, the IETF rejected the proposal for a TCP option, suggesting it be done on the application layer instead. The project has been inactive since a few months later.

In June 2010, a separate proposal called tcpcrypt was submitted, which shares many of the goals of ObsTCP: being transparent to applications, opportunistic and low overhead. It requires even less configuration (no DNS entries or HTTP headers). Unlike ObsTCP, tcpcrypt also provides primitives down to the application to implement authentication and prevent man-in-the-middle attacks.

==Historical origin==
ObsTCP was created by Adam Langley. The concept of obfuscating TCP communications using opportunistic encryption evolved through several iterations. The experimental iterations of ObsTCP used TCP options in 'SYN' packets to advertise support for ObsTCP, with the server responding with a public key in the 'SYNACK'. An IETF draft protocol was first published in July 2008. Packets were encrypted with Salsa20/8 and signed with MD5 checksums. The present (third) iteration uses special DNS records (or out-of-band methods) to advertise support and keys, without modifying the operation of the underlying TCP protocol.

Excerpt source: Wikipedia, the free encyclopedia.
|