[clug] OT: Protesting the proposed clean feed?

Sunnz sunnzy at gmail.com
Thu Oct 23 01:18:22 GMT 2008 

2008/10/23 Nathan Rickerby <rickerby at gmail.com>:
> Do you have any references that mention https?
>

Well: http://www.acma.gov.au/webwr/_assets/main/lib310554/isp-level_internet_content_filtering_trial-report.pdf

I haven't read it through yet, I just heard from people who have read
it... so I may be gullible!! :O

> If an ISP level intercepting/decrypting scheme was put in place then
> any sane vpn client would refuse to connect because it wouldn't get the
> correct certificate.  There would also be corporate policy (and the
> required technical restrictions) that no one was to use anything https
> to connect to the corporate services from Australia.

In the report is always goes like "web content (http/https)", so I
guess at this point it is really web stuff they care about, VPN are
not being censored.

> A significant technical point for me in this whole thing is that
> intercepting and decrypting one type of encrypted protocol would
> be ineffective.  If they did it to one thing, the others would become
> popular.  If they did it to https then an industry of vpn service providers
> would pop up overnight, there would even be free ones that only allow
> you access to certain otherwise-blocked sites.  It would be brought to
> the masses in the same way p2p apps brought file sharing to the masses.
> If they try and do it to every encrypted protocol... well, there's no
> point talking about that because it just won't work and if they did then
> we'd just make a new way to do it.

Exactly, if they have enough trouble with end users switch to
different unencrypted p2p protocol, how are they going to cope with
all the different flavour of encrypted protocol we have these days?
Maybe they'll ban encryption next, "just think of the terrorist!!"

> thanks,
> Nathan
>
> 1.  Doesn't this open up an opportunity for a virus to DOS the filtering
> hardware by initiating connections to many different https websites,
> forcing the filtering hardware to do lots of expensive tls/ssl initiations
> (two for the price of one).
>

Well terrorist can possibly write a spyware and inflect people's
computer with it that does precisely this to taken down the Australian
internet before they launch an attack. It is indeed proposed to have a
blacklist after all, I don't know how likely will terrorist be able to
get their hands on it, but I think the consequences are very high.

-- 
This e-mail may be confidential. You may not copy, forward or use any
part. All disclaimers on the Internet are of zero legal effectiveness
however. http://www.goldmark.org/jeff/stupid-disclaimers/

More information about the linux mailing list