[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NYET--attempted formal specs (again)



-----BEGIN PGP SIGNED MESSAGE-----

Nathan Zook writes:
[ . . . ]
 > NYET-- Non-Youths Exhibit Temperance.
 >  
 > This is a rising, legitamate concern among parents that their children
 > have all-to-easy access to porn on the internet.  Last year, there
[ . . . ]
 >  
 > But none of these proposals can ultimately succeed.  Here I restate my
 > NYET proposal from last year for your consideration.  The system is of
 > necessity ISP-based.  Home-based systems are subject to attacks at
 > home.  Since many (most?) children are better with computers than
 > their parents, these attacks can be expected to succeed.
[ . . . ]
 >
 > The NYET-software runs as superuser on the ISP's machine.  All minor
 > accounts have a corresponding configuration file sitting in their
 > account owner's parent's directory, which is locked with read/write by
 > owner only flags.  The correspondence between minor and parent
 > accounts sits in a file owned by root and similiarly locked.
 >  
 > The parent sets the configuration file to permit and deny access to
 > various parts of the net.  Since it is unreasonable for the parent to
[ . . . ]

     Your solution fails against your specified threat.  Children who
are more software-proficient than their parents will, in many cases,
be able to access their parents' accounts and modify the configuration
file (or simply use the account to access the blocked areas).
Ultimately, all such systems are "home-based" if any accounts used by
members of the household have or can be granted access to the naughty
bits (tip o' the hat to M. Python).

     While your proposal is obviously marketable, given the success of
Prodigy and the prospects for SurfWatch, it does not appear to be
inherently more secure than schemes that utilize subscriber software.

Regards,

Patrick May

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMB/Jqe5Yg08fDKehAQH16gQAp78uOJX02xNz7/5XYPBcaRZRC8pCWx6K
oUdOxbGta/l1rKrRGWhJ7WLJy9iaopBcbr4YXNOMPL4Va91DEXkJ5rfJKXC+o7Mz
jA0wBujVu0DK+S0C49Ah3OoXxX6H0SorbuscvDF2IIw9aGLSezD49H4/GgWvhklo
Y1Gu5Tfok+Y=
=FsYi
-----END PGP SIGNATURE-----