RE: Some thoughts on the Chinese Net

["Robichaux, Paul E" <perobich@ingr.com>]

Jon--

I would suggest that the Chinese solution to these problems is singular, 
and simple: the total inability to conduct any transaction anonymously.

My guess would instead be that the Chinese would register IP addresses to 
individuals. The precedent's been set already with registration of 
photocopiers, typewriters, and mimeograph machines. As Perry pointed out, 
RSA-signing each and every packet would be prohibitive. Assuming that their 
real interest is in controlling diffusion of information to and from the 
'net-- and not moderating what goes on in the Chinese intranet (or 
inter-intra-net, I guess) I think address registration would be a logical 
first step.

The simple portion is a national (Chinese) database associating true 
names with key IDs. These keys will be usable only to sign documents, not 
to encrypt information, similar to the Federal DSS.

If the binding is instead true name <-> IP address, then the censors drop, 
block, delay, or spoof packets from thoughtcriminals instead of refusing to 
sign them. This avoids both the signature overhead and the expenditure of 
hard currency on gwai lo.

Now that all information has a recognizable source, dissidents in China 
can be arrested, and unacceptable information never makes it into the 
country.

Registering IP addresses of course won't block out thoughtcrime originating 
outside China, but unless everyone else adopts the packet signing scheme you 
outline the censors will still have to filter incoming material 
semi-manually. As far as I can tell their government is at least as 
interested in keeping things in as they are keeping out the Four Horsemen.

-Paul