Idea: opportunistic TCP-level crypto

Thomas Shaddack shaddack at ns.arachne.cz
Tue Mar 2 00:26:52 PST 2004


There is plenty of space available in the form of the (normally unused)
payload of TCP SYN, SYN/ACK, and ACK packets. Could it be used to
announce the intention/capabilities for an encrypted connection, and
possibly also serve to authenticate the connection?

This way there would be virtually no overhead on the connection in the
case where one of the sides doesn't offer opportunistic crypto; the packet
payload data would get ignored in that case.


For UDP connections, a handshake using ICMP packets in a ping-like scenario
could be possible: send an ICMP_ECHO_REQUEST to the server with the payload
containing a handshake request. If the ICMP_ECHO_REPLY returned contains
the handshake acknowledgement, proceed; otherwise assume the server doesn't
speak our dialect of OE.


Opinions, comments? Why wouldn't this work?
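The two exchanges sketched in the post (announcement in the SYN / SYN-ACK / ACK payloads, and the ICMP echo probe for UDP), as an added simulation that is not part of the original message. It only models the payload bytes each side would put on the wire and how each side reacts; it sends no packets. The magic string, message types, capability bits, the lowest-common-bit suite choice and the pre-shared-key HMAC used to authenticate the exchange are all assumptions made for this example. The one non-obvious point it handles is the ICMP case: a host that does not speak OE still answers a ping, and RFC 792 requires the echo reply to carry the request data back verbatim, so the client has to look for a distinct acknowledgement type rather than just for its own magic string.

```python
"""Simulated opportunistic-encryption (OE) negotiation carried in TCP handshake
payloads and, for UDP, in ICMP echo payloads.  Wire format, capability bits and
the pre-shared-key authentication are assumptions made for this example."""
import hashlib
import hmac
import os
import struct

MAGIC = b"OE01"                               # assumed dialect marker
T_HELLO, T_ACCEPT, T_CONFIRM = 1, 2, 3        # assumed message types
CAP_AES128_GCM, CAP_CHACHA20 = 0x01, 0x02     # assumed capability bits
HDR = struct.Struct("!4sBH16s")               # magic | type | caps | nonce


def build_msg(mtype, caps, nonce, tag=b""):
    return HDR.pack(MAGIC, mtype, caps, nonce) + tag


def parse_msg(payload):
    """Return (type, caps, nonce, tag), or None for anything not in our dialect."""
    if len(payload) < HDR.size or payload[:4] != MAGIC:
        return None
    _, mtype, caps, nonce = HDR.unpack_from(payload)
    return mtype, caps, nonce, payload[HDR.size:]


def auth_tag(psk, mtype, nonce_a, nonce_b, suite):
    """HMAC over the transcript: message type, both nonces and the chosen suite."""
    data = struct.pack("!BH", mtype, suite) + nonce_a + nonce_b
    return hmac.new(psk, data, hashlib.sha256).digest()


class Peer:
    def __init__(self, caps, psk):
        self.caps, self.psk = caps, psk
        self.nonce = os.urandom(16)


def server_accept(server, payload):
    """Payload an OE-aware server puts in its SYN/ACK (or ICMP echo reply).
    Anything that is not a HELLO in our dialect is ignored (empty payload)."""
    msg = parse_msg(payload)
    if msg is None or msg[0] != T_HELLO:
        return b""
    _, client_caps, client_nonce, _ = msg
    common = client_caps & server.caps
    suite = common & -common          # lowest common bit; 0 means no overlap
    tag = auth_tag(server.psk, T_ACCEPT, client_nonce, server.nonce, suite)
    return build_msg(T_ACCEPT, suite, server.nonce, tag)


def server_confirm(server, client_nonce, suite, payload):
    """Check the client's ACK payload; True when the client proved the PSK."""
    msg = parse_msg(payload)
    if msg is None or msg[0] != T_CONFIRM:
        return False
    expected = auth_tag(server.psk, T_CONFIRM, client_nonce, server.nonce, suite)
    return hmac.compare_digest(expected, msg[3])


def client_check_accept(client, payload):
    """Parse and authenticate the server's reply.  None means the server did
    not answer in our dialect (it either ignored or merely echoed our bytes)."""
    msg = parse_msg(payload)
    if msg is None or msg[0] != T_ACCEPT:
        return None
    _, suite, server_nonce, tag = msg
    expected = auth_tag(client.psk, T_ACCEPT, client.nonce, server_nonce, suite)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("server failed authentication")
    return suite, server_nonce


def tcp_handshake(client, server, server_speaks_oe=True):
    """SYN / SYN-ACK / ACK payloads.  Returns the negotiated suite, 0 for plain
    TCP (peer ignored the announcement or no common suite), ValueError if a
    peer answers in our dialect but with the wrong key."""
    syn_payload = build_msg(T_HELLO, client.caps, client.nonce)
    synack_payload = server_accept(server, syn_payload) if server_speaks_oe else b""
    result = client_check_accept(client, synack_payload)
    if result is None or result[0] == 0:
        return 0
    suite, server_nonce = result
    ack_payload = build_msg(T_CONFIRM, suite, client.nonce,
                            auth_tag(client.psk, T_CONFIRM, client.nonce, server_nonce, suite))
    if not server_confirm(server, client.nonce, suite, ack_payload):
        raise ValueError("client failed authentication")
    return suite


def icmp_probe(client, server, server_speaks_oe=True):
    """UDP case: HELLO in an ICMP echo request.  A host without OE copies the
    request data into its echo reply (RFC 792), so the reply parses as our own
    HELLO, not as an ACCEPT, and we correctly fall back to plain UDP."""
    request = build_msg(T_HELLO, client.caps, client.nonce)
    reply = server_accept(server, request) if server_speaks_oe else request
    result = client_check_accept(client, reply)
    return 0 if result is None else result[0]


if __name__ == "__main__":
    psk = b"example-shared-secret"
    print(tcp_handshake(Peer(CAP_AES128_GCM | CAP_CHACHA20, psk), Peer(CAP_CHACHA20, psk)))
    print(icmp_probe(Peer(CAP_AES128_GCM, psk), Peer(CAP_AES128_GCM, psk), server_speaks_oe=False))
```

Putting these bytes into a real SYN needs raw sockets or kernel support; TCP Fast Open (RFC 7413) is the later standardised way to carry data in a SYN and, for the same reason this idea needs it, its own cookie step exists to keep SYNs with data from being abused.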




