From: Pavel Korensky <pavelk@dator3.anet.cz>
To: wendigo@pobox.com
Message Hash: b27815f9266367e681828dfe6e1beddd6a0326c3e941a880dea62c52f6c68ebe
Message ID: <199701301053.LAA00250@zenith.dator3.anet.cz>
Reply To: <199701292156.NAA12978@toad.com>
UTC Datetime: 1997-01-30 11:05:14 UTC
Raw Date: Thu, 30 Jan 1997 03:05:14 -0800 (PST)
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Thu, 30 Jan 1997 03:05:14 -0800 (PST)
To: wendigo@pobox.com
Subject: Re: Workaround for filtering/cybersitter
In-Reply-To: <199701292156.NAA12978@toad.com>
Message-ID: <199701301053.LAA00250@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain
Mark Rogaski <wendigo@pobox.com> wrote:
> If I had experience with Netscape plugins and spare time, I'd
> try it myself. But here's my proposed solution.
>
> A plugin in Netscape intercepts all requests, encrypt the URL
> with a pubkey algorithm, encode the string base64, send it as GET input to
> a proxy server.
>
> The proxy server decodes and decrypts the URL, gets the requested page,
> and returns it. This beats out URL-based filtering.
>
> Still need to figure out the specifics of key-exchange. If we use
> 40-bit encryption, it's exportable, and it still works in our threat
> model (ie. we don't care if the watchers figure out the URL a few hours
> later).
>
> To beat out dropping packets with unacceptable pattern in them, we
> could use an SSL-based server as the proxy.
>
> The plugin could even have a nice little on/off switch and a list
> list of available proxies.
Nice, but I can see one problem here.
If I (as a censor) will want to block your communication to prohibited sites, I
can block the access to the proxy computers. You will just move the blocking
strategy one level up with your plug-in. The censor will block the web servers
AND proxy servers. Because the list of proxy servers must be available somehow
to users, it is very simple to write some kind of script running on the gateway
which is blocking the acccess. The script will download the list of proxy
servers, update the gateway tables and the gateway will be blocking acccess to
all sites on the proxy list.
Bye PavelK
--
****************************************************************************
* Pavel Korensky (pavelk@dator3.anet.cz) *
* DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic *
* PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C *
****************************************************************************
Return to January 1997
Return to “Pavel Korensky <pavelk@dator3.anet.cz>”