Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] RFC: comments on discovery mechanisms

David-Sarah Hopwood david-sarah at jacaranda.org
Fri Dec 3 11:48:11 PST 2010


On 2010-11-27 01:47, Daniel Colascione wrote:
> Hello all,
> 
> I've been working sporadically on a paper describing some current
> approaches to the discovery aspect of the circumvention problem, which,
> frankly, is harder than simply moving packets through a firewall. I've
> attached a draft, and I would appreciate any feedback you could provide.

# But it is relatively straightforward to block or monitor DNS requests
# sent outside the fi
ltered area, or to redirect them to local DNS
# servers. These local DNS servers can refuse or forge requests to domain
# names associated with ACPs, though DNSSEC will prevent the latter when
# it becomes widely-deployed.

DNSSEC might prevent forgery, but cannot prevent blocking.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101203/a42437ae/attachment.asc>


More information about the liberationtech mailing list