Eric Curtin <ericcurtin17@xxxxxxxxx> wrote:

> Hope I'm not bothering you. I'm looking for a master's thesis idea, ...

> I'm really liking this
> new QUIC (UDP) protocol as an alternative to TCP over TLS. And with
> the growth of new modern secure protocols like WireGuard. I was
> wondering, would it be an idea to do a monolithic secure TCP protocol
> (as an alternative to TCP over TLS) as a small thesis project or is it
> as hard as the guys at Google make it sound?
>
> "Because TCP is implemented in operating system kernels, and middlebox
> firmware, making significant changes to TCP is next to impossible."

I'm inclined to agree with the Google folk on that.

However, what about IPsec? That was designed to secure anything-over-IP so it should be a more general solution. The FreeS/WAN project added opportunistic encryption for wider availability
https://freeswan.org/freeswan_trees/freeswan-2.06/doc/intro.html#goals

Today some opportunistic encryption protocols -- SMTP-over-TLS and HTTPS Everywhere -- are quite widespread but my impression is that opportunistic IPsec is not. Would adding it to an open source router be a thesis-sized project? Or, since routers likely have IPsec already, just making it easier to deploy?

> I'm open to any other suggestions also for my thesis :)

Linux's OOM killer strikes me as a spectacularly ugly kluge, but people who are certainly more knowledgeable and likely more competent seem to think it is necessary. Is there a thesis in examining it, looking at how other Unix-like systems handle the problem & perhaps implementing an alternative for Linux?