[liberationtech] RFC: comments on discovery mechanisms
David-Sarah Hopwood
david-sarah at jacaranda.org
Fri Dec 3 11:48:11 PST 2010
On 2010-11-27 01:47, Daniel Colascione wrote:
> Hello all,
>
> I've been working sporadically on a paper describing some current
> approaches to the discovery aspect of the circumvention problem, which,
> frankly, is harder than simply moving packets through a firewall. I've
> attached a draft, and I would appreciate any feedback you could provide.
# But it is relatively straightforward to block or monitor DNS requests
# sent outside the fi
ltered area, or to redirect them to local DNS
# servers. These local DNS servers can refuse or forge requests to domain
# names associated with ACPs, though DNSSEC will prevent the latter when
# it becomes widely-deployed.
DNSSEC might prevent forgery, but cannot prevent blocking.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101203/a42437ae/attachment.asc>
More information about the liberationtech
mailing list