just wondering what protocol could use the plain mode?
openvpn : since the packet structure is identifiable with DPI, I think it won't work in Plain....
ssh : only the handshake can be identified with DPI (it seems)
to avoid overhead encrypt over encrypt I wonder if it would be possible to encrypt partially (temporal or packet parts) to only hide the parts that are "DPI" weak
- for SSH only encrypt the handshake and a few (configurable) following packets then transmit plain (a "encrypted packet count" parameter in config or "encrypted reply count" or "encrypted time duration" (think it's less safe, since depend of the connection lag...) )
- for openvpn encrypt partially the packets (a "packet partial encryption offset and size" parameter in config) although openvpn tls-crypt would do (it seems) to allow use of plain?
best regards.
just wondering what protocol could use the plain mode?
openvpn : since the packet structure is identifiable with DPI, I think it won't work in Plain....
ssh : only the handshake can be identified with DPI (it seems)
to avoid overhead encrypt over encrypt I wonder if it would be possible to encrypt partially (temporal or packet parts) to only hide the parts that are "DPI" weak
best regards.