[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some thoughts on the Chinese Net



At 05:38 PM 2/14/96 -0500, Perry wrote:
>Jon Lasser writes:
>> The more complex portion (from my perspective, at any rate) is a 
>> modification of the standard TCP/IP protocol, requiring that each packet 
>> be signed by its originating user. This would require lots of software 
>> modification on the Chinese end, as well as a conversion process at the 
>> National firewall.
>
>They could use no stock software, and they would grind every machine
>in the country to its knees doing the signatures. RSA signatures
>aren't cheap.

Could you use IPv6 / IPSP authentication to do the job?  You'd obviously
need to create network software for the various operating systems,
but for most of them it's not a big change and various well-known people
are working on implementations :-)  You could get by with something
cheap like an RSA-signed key used for a MAC with either RC4 or MD5,
reducing the problem to one RSA signature per connection plus faster algorithms.
For email, that's probably still one signature per mail message, but it's
a manageable load...

#--
#				Thanks;  Bill
# Bill Stewart, [email protected] / [email protected] +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !