Google is first to integrate CurveCP to a web browser and address security concerns in the transmission control protocol (TCP) which runs on top of the Internet Protocol and is one of the two original building blocks of the Internet.

TCP has long been criticized to be outdated and carry substantial security risks, mainly due to a lack of support for authentication and encryption. The history of TCP goes back to 1974, when Vint Cerf and Bob Kahn described TCP in a paper entitled A Protocol for Packet Network Interconnection (PDF). 37 years later, it appears that there is an opportunity to replace TCP with a new technology called CurveCP, which was proposed by Daniel Bernstein, a professor at the University of Illinois at Chicago, in 2008 and formally announced in December of last year. CurveCP is part of Bernstein’s idea for DNSCurve, a new link-level DNS security protocol, and a possible replacement of the largely failed DNSSEC.

Google added CurveCP to Chromium builds last week as an “initial implementation” that is “not complete”, but “good enough to start collaboration.”

According to Bernstein, CurveCP uses high-speed elliptic curve cryptography to protect sent data packets against espionage and keep attackers from listening into data traffic. Elliptic curve cryptography was first mentioned by Neal Koblitz and Victor Miller in 1985  uses public key cryptography that is based on the elliptic curve theory. CurveCP was first integrated in the Networking and Cryptography library (NaCl) and began alpha testing in February of this year.

You can leave a response, or trackback from your own site.