Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] RFC: comments on discovery mechanisms

David-Sarah Hopwood david-sarah at
Fri Dec 3 11:48:11 PST 2010

On 2010-11-27 01:47, Daniel Colascione wrote:
> Hello all,
> I've been working sporadically on a paper describing some current
> approaches to the discovery aspect of the circumvention problem, which,
> frankly, is harder than simply moving packets through a firewall. I've
> attached a draft, and I would appreciate any feedback you could provide.

# But it is relatively straightforward to block or monitor DNS requests
# sent outside the fi
ltered area, or to redirect them to local DNS
# servers. These local DNS servers can refuse or forge requests to domain
# names associated with ACPs, though DNSSEC will prevent the latter when
# it becomes widely-deployed.

DNSSEC might prevent forgery, but cannot prevent blocking.

David-Sarah Hopwood  ⚥

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the liberationtech mailing list