CurveCP: Usable security for the Internet



HTTPCurve: using CurveCP to protect HTTP

This page is under construction.

There are two competing models for CurveCP deployment: the "simple" model and the "tunnel" model. At the moment this page describes only the "simple" model, and provides only a brief summary of the model.

There are three steps for a system administrator to enable CurveCP for HTTP:

  • Install a CurveCP forwarder on UDP port 80, on the same IP address that runs an HTTP server on TCP port 80.
  • Check firewall configuration to ensure that UDP port 80 is reachable under the same rules as TCP port 80.
  • Put the forwarder's public key into DNS as described below.
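A way to check the first step on a Linux host, as an added example that is not part of the CurveCP documentation: it lists every address with a TCP port 80 listener that has no UDP port 80 listener beside it. It assumes input in the format printed by `ss -H -ltun`; the sample lines and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltun` output (not from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0          192.0.2.10:80        0.0.0.0:*
tcp   LISTEN 0      128        192.0.2.10:80        0.0.0.0:*
tcp   LISTEN 0      128        192.0.2.11:80        0.0.0.0:*
tcp   LISTEN 0      128      [2001:db8::1]:80          [::]:*
udp   UNCONN 0      0               [::]:80           [::]:*
tcp   LISTEN 0      128           0.0.0.0:22        0.0.0.0:*
"""

def listeners(ss_output, port=80):
    """Return {"tcp": set, "udp": set} of local addresses bound to `port`."""
    found = {"tcp": set(), "udp": set()}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in found:
            continue
        addr, _, p = fields[4].rpartition(":")
        if p == str(port):
            # Drop IPv6 brackets and any %interface scope suffix.
            found[fields[0]].add(addr.strip("[]").split("%")[0])
    return found

def covered(tcp_addr, udp_addrs):
    """True if a UDP socket is bound where clients of tcp_addr would send."""
    if tcp_addr in udp_addrs or "*" in udp_addrs:
        return True
    if tcp_addr == "*":
        return False  # dual-stack TCP wildcard needs a dual-stack UDP wildcard
    ip = ipaddress.ip_address(tcp_addr)
    if ip.is_unspecified:
        return False  # a wildcard TCP bind needs the matching UDP wildcard
    # Assumption: "::" is treated as IPv6-only, "0.0.0.0" as IPv4-only.
    return ("0.0.0.0" if ip.version == 4 else "::") in udp_addrs

def missing_forwarders(ss_output, port=80):
    """TCP listener addresses on `port` with no UDP listener on the same address."""
    found = listeners(ss_output, port)
    return sorted(a for a in found["tcp"] if not covered(a, found["udp"]))

if __name__ == "__main__":
    # Shows only that something is bound on UDP; it does not confirm the
    # process is a CurveCP forwarder or that the firewall admits the traffic.
    print(missing_forwarders(SAMPLE_SS))
```

An empty result means every HTTP address has a UDP port 80 listener; reachability through the firewall (the second step) still has to be tested from outside the host.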

When a CurveCP-aware client is about to contact an HTTP server, it checks the server name to see whether the name contains a correctly encoded CurveCP public key and extension. If so, the client makes a CurveCP connection to UDP port 80, rather than a TCP connection to TCP port 80.

The details of checking a server name aren't documented here yet but are similar to the details of DNSCurve.

Version

This is version 2011.02.11 of the httpcurve.html web page.