Basically another case of using UDP to re-create what TCP does. It also combines pipe encryption (a la TLS), attempts to prevent types of denial of service attacks. Think of enet but with crypto.

• ENet networking library.

There is a bunch of math markup I haven't read thoroughly. It mostly provides more implementation details.

Goals

• Encrypt all traffic.
• Secure against DoS attacks.
• Obsoletes TLS because all communication is fully encrypted.
• Obsoletes TCP and uses its own frames over UDP.
• Eliminate three-way handshake by returning a server's key during the DNS lookup phase
• Twice as fast as unencrypted TCP.
• Four times faster than OpenSSL.
• Connections can be ported across endpoints for mobile/travelling users.
• Merges key handshaking with DNS requests to eliminate more network state.

Definitions

• Key erasure: capturing the key at a later time does not expose past communications.
• Identity: A public/private key pair that describes a user.
• Anonymity: a user who generates a new identity for each session.
• Tunnel: a pipeline between a user and a server which carries one or more connections.
• Control Connection: Special channel which does control things.
• Long-term certificate: Binds a server key to a host name.
• Ephemeral certificate: Shorter lived key used to open connections with the host.
• Service record: contains certificate and connection information bound to a given name.

Users create a "tunnel" to communicate between their computer and a server. They can create multiple connections within this tunnel so all communication between that client-server pair is coalesced together.

The control channel carries remote procedure calls to create, close and modify other connections from the tunnel.

Trivia

• 500ms latency loses 25% of users (Google)
• UX degrades at waits of 100ms (probably Nielson-Normans)