
Re: Workaround for filtering/cybersitter



Mark Rogaski <[email protected]> wrote:
> If I had experience with Netscape plugins and spare time, I'd
> try it myself.  But here's my proposed solution.  
> 
> A plugin in Netscape intercepts all requests, encrypts the URL
> with a pubkey algorithm, encodes the string in base64, and sends it as GET
> input to a proxy server.
> 
> The proxy server decodes and decrypts the URL, gets the requested page,
> and returns it.  This beats out URL-based filtering.
> 
> Still need to figure out the specifics of key-exchange.  If we use
> 40-bit encryption, it's exportable, and it still works in our threat
> model (i.e. we don't care if the watchers figure out the URL a few hours
> later).
> 
> To beat out dropping packets with unacceptable patterns in them, we
> could use an SSL-based server as the proxy.
> 
> The plugin could even have a nice little on/off switch and a
> list of available proxies.

Nice, but I can see one problem here.
If I (as a censor) want to block your communication to prohibited sites, I
can block access to the proxy computers. You will just move the blocking
strategy one level up with your plug-in. The censor will block the web servers
AND proxy servers. Because the list of proxy servers must be available somehow
to users, it is very simple to write some kind of script running on the gateway
which blocks the access. The script will download the list of proxy
servers, update the gateway tables, and the gateway will block access to
all sites on the proxy list.

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky ([email protected])                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************
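
The exchange discussed in this thread, as an added example that is not part of either poster's message: the plugin/proxy round trip from the quoted proposal, checked against a URL-pattern filter and against a gateway that blocks by the published proxy list. The toy RSA key, the hosts `proxy.example` and `badsite.example`, the `u` parameter and all function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# Trivially breakable and deterministic; it only stands in for "a pubkey algorithm".
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the proxy
N_BYTES = (N.bit_length() + 7) // 8

PROXY = "http://proxy.example/fetch"    # hypothetical proxy endpoint
PROXY_LIST = {"proxy.example"}          # the list users (and the gateway) can download
BLOCKED_PATTERNS = ["badsite.example"]  # constructed URL-filter rule

def wrap(url):
    """Plugin side: encrypt the URL, base64-encode it, send it as GET input."""
    m = int.from_bytes(url.encode(), "big")
    if m >= N:
        raise ValueError("URL too long for a single RSA block")
    token = base64.urlsafe_b64encode(pow(m, E, N).to_bytes(N_BYTES, "big"))
    return PROXY + "?u=" + token.decode()

def unwrap(request_url):
    """Proxy side: decode and decrypt the GET input to recover the URL."""
    token = urlsplit(request_url).query.split("u=", 1)[1]
    m = pow(int.from_bytes(base64.urlsafe_b64decode(token), "big"), D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def url_filter_blocks(request_url):
    """URL-based filtering: match patterns against the requested URL."""
    return any(p in request_url for p in BLOCKED_PATTERNS)

def gateway_blocks(request_url):
    """Destination-based blocking driven by the published proxy list."""
    return urlsplit(request_url).hostname in PROXY_LIST

if __name__ == "__main__":
    target = "http://badsite.example/page.html"
    via_proxy = wrap(target)
    print("direct   :", url_filter_blocks(target), gateway_blocks(target))
    print("wrapped  :", url_filter_blocks(via_proxy), gateway_blocks(via_proxy))
    print("proxy got:", unwrap(via_proxy))
```

The wrapped request passes the pattern filter because the token carries no readable URL, but its destination is still the proxy host, which is what the list-driven gateway rule matches.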