[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Family Channel" of the Internet?



-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 6 Dec 1996, Ken Kirksey wrote:

> 1) Is it technically possible for them to limit access to only approved 
> IP addresses?  If so, how can they do this, and is it possible to get 
> around these measures.

Packet filters can do this.  This could be thwarted by using a proxy
located on a trusted host.  There are more complicated ways (source routing,
IP spoofing, etc.) but these would require the cooperation of the target host.
Very improbable.

> 3) In general, how would you use crypto to ensure that your users only 
> connected to approved sites, regardless of the platform or browser 
> software they were using?

Crypto would probably only be used for authentication.  A simple password
system would work, but wouldn't be as secure, of course.  The ISP could
pass the packets through the appropriate filter rules depending on the user.
I don't know how much overhead would be associated with this technique, but
it seems to be the most secure way to do this.
 
> 
> I asked the guy to send me some technical details.  If I receive them, 
> I'll share unless he makes me sign an NDA.
> 
> Ken
> 

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqjCVSzIPc7jvyFpAQE7egf+OMTzXyu/zzEg1+KE1v1/LgoyKXFc6QSr
7X5cqhyyX7kDzjUC+g/yklu9AQK1PRpM8SsYTP5uSSEWW/joBjMmUaVPdlnTctgD
Osa8rE2EPL1QkojK3thEaSn5OrxAzmEvTYnhJH53c2WIPFpsGm1Ipi9SHaMGQtgY
xFFR03gRSN1TeiULYzQHWXdovKFWFFNtYNgGTHd1et/TJvr67E30zRjOMIP0fD21
GN6fOPMsbbdtEwQsohrUkdsR+kMcOJDtYvBP/eJm4WCiie8SrEhCBSS7SKmkaWzX
zzc/UOIX3/LY9t5dt52fO4T8vNfoSsc4plc5wIsDkJbdbBwc9RlCsw==
=tFgY
-----END PGP SIGNATURE-----