Ask HN: What Ever Happened to CurveCP?

7 points by georgia_peach ↗ HN
DJB announced it back in 2010. The website is still up, but aside from the occasional discussion here, not much to be found.

https://www.curvecp.org/index.html

I'd have expected better uptake for a DJB production. What's the story here?

4 comments

[ 2.3 ms ] story [ 21.4 ms ] thread
What features does if offer that we can’t do today with TLS?
CurveCP is (was?) designed to be more lightweight and efficient than industry standards. 1-RTT session bootstrapping, forward secure encryption and authentication, per datagram public-key encryption, while leaving only the ephemeral public key, the connection ID, and per-message nonce in the clear.

While the ciphersuite employed in CurveCP (i.e., Curve25519) is being added to TLS (i.e., with draft-josefsson-tls-curve25519 and X25519 in Chrome), CurveCP is more amenable to be contrasted with DTLS and other transport security protocols working with datagrams, being based on UDP.

How do peers negotiate keys? Do they need a trust store like Firefox etc? (i.e. https://wiki.mozilla.org/CA)
The peers negotiate a session key from their ephemeral public keys in a two rounds exchange.

In the vision of DJB this was designed to work with DNSCurve, where network domain names are authenticated at the packet level.