This is a good reason to use https by default: if 90% of sites on the web were using https, it would not be possible for governments to block secure traffic without blocking the whole Internet. Apart from the protection racket with SSL certificates, what's stopping more everyday use of https? I was under the impression that modern CPUs were easily able to handle the encryption work, so is it just inertia?
Posted Feb 16, 2012 10:12 UTC (Thu) by Fowl (subscriber, #65667)
They'd grab some MITM hardware and force everyone (in their jurisdiction) to 'trust' their root cert.
For the rest of the world, where we try to be less blatant, you're certainly correct. I for one would like to see something like tcpcrypt become standard.
Oh and the world looks like it's moving this way, see SPDY, which requires TLS (partially because that's the only way to get around the legions of broken proxies out there).
Blocking secure traffic
Posted Feb 16, 2012 15:18 UTC (Thu) by intgr (subscriber, #39733)
> I for one would like to see something like tcpcrypt become standard.
Agreed. Sadly, it seems the tcpcrypt project is dead. The last commits in their GitHub were in July 2011 and there has been only 1 post on their mailing list since May 2011. The last RFC draft was posted in August, but it's not clear when the last changes were made.
Blocking secure traffic
Posted Feb 20, 2012 9:42 UTC (Mon) by osma (subscriber, #6912)
> Apart from the protection racket with SSL certificates, what's stopping more everyday use of https? I was under the impression that modern CPUs were easily able to handle the encryption work, so is it just inertia?
Lack of IPv4 addresses is one important blocker. You can host a huge number of HTTP websites on a single IP, but doing so for HTTPS is problematic. Server Name Indication is still not universally supported by browsers, and universal IPv6 support will also take a while.