[clug] OT: Protesting the proposed clean feed?

[Sunnz]

2008/10/23 Sam Couter <sam at couter.id.au>:
>
>> I have been looking at "Obfuscated TCP":
>> http://code.google.com/p/obstcp/ which from what I understand, it uses
>> DH to establish an encrypted TCP connection between any 2 endpoints,
>> could it possibly be used to make https remain a secure protocol free
>> of interception?
>
> If I'm going to the trouble of setting this up, why not just use IPSec?
> And what makes Obfuscated TCP more difficult to intercept than HTTPS
> already is?

>From what I have read, it just seems like OTCP is easier for the
general public, if both client and server side supports it, it kind of
just does it automatically, the user don't have to click on anything
special, OTCP is installed on their computer, any OTCP enabled servers
will do encryption automatically. Like wise, if only one of the side
doesn't support OTCP, the OTCP-enabled side just knows what to do, no
user interaction required.

It uses DH which from what I understand, you can't do a MITM, or can you?

Anyway, yea, IPsec or VPN would be more general solution, except, when
the ISP do intercept your connection, and use their own certificate,
then what are you going to do? If you don't accept it you can't
connect to the server you want; if you accept it then you know your
connection is being intercepted.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness
however. http://www.goldmark.org/jeff/stupid-disclaimers/