cnp/0.4 contnet.org/draft/cnp-encryption/
cnp/0.4 ok length=1217 modified=2021-02-05T08:26:28Z name=index.cnm time=2024-04-20T13:05:12Z type=text/cnm

title
	CNP encryption (draft)

content
	section Overview
		text fmt
			The CNP 0.4 specification uses raw TCP/IP as the default transport protocol. That means that all requests and responses can be intercepted and possibly modified by man-in-the-middle attackers.

			Ideally, CNP would always use TLS for its connections. The underlying protocol can remain otherwise unchanged.

			This would result in increased security and privacy, but potentially create several new problems. For example, use of compression may leak plaintext from the encrypted tunnels.

			Additionally, establishing TLS connections is more expensive than plain ones, since they require a TLS handshake. This may result in significantly worse performance on very high latency connections.

			TLS also requires the use of a signed certificate. Thankfully, @@https://letsencrypt.org/ Let's Encrypt@@ now provides these at no cost, so this requirement is not as prohibitive as it would have been a few years ago.

			See @@https://istlsfastyet.com/@@ for more information about TLS performance impacts.

site
	draft
		cnp-encryption

links
	/spec/ Specifications
	/doc/ Documents
	/draft/ Drafts
	/lib/ Libraries
	/util/ Tools and utilities
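One way a client could run the unchanged CNP 0.4 exchange inside TLS, as the overview proposes, with certificate verification on and TLS-level compression off. This is an added example, not code from the CNP project; the function names and the `port` argument are assumptions (the draft names no port for CNP over TLS), and parameter escaping is not implemented, so values that would need it are rejected.

```python
import socket
import ssl

# Response header copied from the top of this page, used as sample input.
SAMPLE_HEADER = (b"cnp/0.4 ok length=1217 modified=2021-02-05T08:26:28Z "
                 b"name=index.cnm time=2024-04-20T13:05:12Z type=text/cnm\n")

def make_tls_context() -> ssl.SSLContext:
    """Client context: verified certificate, TLS 1.2+, no TLS compression."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED and hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION      # addresses the compression leak
    return ctx

def build_request(host: str, path: str) -> bytes:
    """Header-only request line, 'cnp/0.4 host/path', newline terminated."""
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    for part in (host, path):
        # Simplification: reject anything that would need escaping, which
        # also stops a caller-supplied value from injecting header fields.
        if any(c in part for c in " \t\r\n\0=\\"):
            raise ValueError(f"unsupported character in {part!r}")
    return f"cnp/0.4 {host}{path}\n".encode("utf-8")

def parse_header(line: bytes):
    """Split a header line into (version, intent, params); escapes not decoded."""
    fields = line.decode("utf-8").rstrip("\n").split(" ")
    if len(fields) < 2 or not fields[0].startswith("cnp/"):
        raise ValueError("not a CNP header line")
    params = dict(field.split("=", 1) for field in fields[2:])
    return fields[0], fields[1], params

def fetch(host: str, path: str, port: int):
    """Same exchange as plain CNP, carried inside a verified TLS session."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with make_tls_context().wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_request(host, path))
            with tls.makefile("rb") as stream:
                _, intent, params = parse_header(stream.readline())
                if "length" in params:
                    body = stream.read(int(params["length"]))
                else:
                    body = stream.read()  # no length given: read to EOF
    return intent, params, body
```

`OP_NO_COMPRESSION` only turns off compression performed by TLS itself; data compressed by the application before it enters the tunnel is outside its reach.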