[clug] OT: Protesting the proposed clean feed?

Sam Couter sam at couter.id.au
Wed Oct 22 20:58:07 GMT 2008

Sunnz <sunnzy at gmail.com> wrote:
> By the way from what I have read, the proposal is to filter https as
> well as http. As you may know https's designed specifically not to be
> intercepted, so my guess is that they would force people to use their
> https proxy, or transparently intercept the connection anyway and let
> the user click the ignore button... which the ignore function have
> been made more scare factor in FireFox 3.

If filtering HTTPS really is part of the proposal (where can I find out
what the proposal really is?), I'd say it was probably conceived out of
absolute ignorance. HTTPS is designed specifically to protect against
such shenanigans, but the policy nerds won't know that. I imagine that
requirement will be one of the first to be dropped.

> I have been looking at "Obfuscated TCP":
> http://code.google.com/p/obstcp/ which from what I understand, it uses
> DH to establish an encrypted TCP connection between any 2 endpoints,
> could it possibly be used to make https remain a secure protocol free
> of interception?

If I'm going to the trouble of setting this up, why not just use IPSec?
And what makes Obfuscated TCP more difficult to intercept than HTTPS
already is?
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20081023/2e005335/attachment.bin

More information about the linux mailing list