

Dan Bernstein's CurveCP in experimental release - jeremyw
http://curvecp.org/

======
JoachimSchipper
The short summary of CurveCP is that it's essentially an encrypted and
authenticated TCP[1] (tunneled over UDP). The main selling point is that it's
_fast_ , partly by clever protocol design and mostly by use of highly-
efficient elliptic curve cryptography.

It's really cool, but sadly probably doomed to obscurity - unencrypted
TCP/SSL/IPSec are "good enough".

[1] Actually, Dan Kaminsky stated that it's perfectly usable as a UDP
replacement.

------
jeremyw
Text of his announcement:

Hi everybody,

I've posted information about CurveCP at <http://curvecp.org>; and today's
release of NaCl includes command-line curvecpclient and curvecpserver tools.
There are many reasons that this curvecpclient+curvecpserver software isn't
ready for users yet---among other things,

    
    
      * the software hasn't gone through anywhere near my usual levels of
        testing and security review;
      * the software prioritizes simplicity over efficiency in several
        ways, missing some of the speed that CurveCP can provide; and
      * the software handles only CurveCP, without HTTPCurve, SMTPCurve,
        etc.
    

\---but if you're a programmer interested in CurveCP then I think this
software is a reasonable starting point for experimentation and further
development.

\---D. J. Bernstein Research Professor, Computer Science, University of
Illinois at Chicago

~~~
mukyu
Isn't the point to have this work below the application layer? We have to make
a new encrypted and authenticated transport layer and also rewrite all of the
application protocols?

Then again, with key distribution being done with nym urls the network stack
is more like a tangled ball of yarn.

------
_delirium
Here's Dan Kaminsky's thoughts on the proposal, fwiw, as of a month or so ago:
<http://dankaminsky.com/2011/01/05/djb-ccc/#curvecp>

------
dchest
And NaCl now has signatures based on curve25519:
_crypto_sign_edwards25519sha512batch_.

