1997-01-30 - Re: Workaround for filtering/cybersitter

Header Data

From: Pavel Korensky <pavelk@dator3.anet.cz>
To: wendigo@pobox.com
Message Hash: f154dae060462d83aa636ee1acd8a15d86ad0a839dfbbdeb41ba1b0bb97f9680
Message ID: <199701301527.HAA05667@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-30 15:27:55 UTC
Raw Date: Thu, 30 Jan 1997 07:27:55 -0800 (PST)

Raw message

From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Thu, 30 Jan 1997 07:27:55 -0800 (PST)
To: wendigo@pobox.com
Subject: Re: Workaround for filtering/cybersitter
Message-ID: <199701301527.HAA05667@toad.com>
MIME-Version: 1.0
Content-Type: text/plain

Mark Rogaski <wendigo@pobox.com> wrote:
> If I had experience with Netscape plugins and spare time, I'd
> try it myself.  But here's my proposed solution.  
> A plugin in Netscape intercepts all requests,  encrypt the URL
> with a pubkey algorithm, encode the string base64, send it as GET input to
> a proxy server.
> The proxy server decodes and decrypts the URL, gets the requested page,
> and returns it.  This beats out URL-based filtering.
> Still need to figure out the specifics of key-exchange.  If we use
> 40-bit encryption, it's exportable, and it still works in our threat
> model (ie. we don't care if the watchers figure out the URL a few hours
> later).
> To beat out dropping packets with unacceptable pattern in them, we
> could use an SSL-based server as the proxy.
> The plugin could even have a nice little on/off switch and a list
> list of available proxies.

Nice, but I can see one problem here.
If I (as a censor) will want to block your communication to prohibited sites, I
can block the access to the proxy computers. You will just move the blocking
strategy one level up with your plug-in. The censor will block the web servers
AND proxy servers. Because the list of proxy servers must be available somehow
to users, it is very simple to write some kind of script running on the gateway
which is blocking the acccess. The script will download the list of proxy
servers, update the gateway tables and the gateway will be blocking acccess to
all sites on the proxy list. 

Bye PavelK

*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *