At 05:38 PM 2/14/96 -0500, Perry wrote:
Jon Lasser writes:
The more complex portion (from my perspective, at any rate) is a modification of the standard TCP/IP protocol, requiring that each packet be signed by its originating user. This would require lots of software modification on the Chinese end, as well as a conversion process at the National firewall.
They could use no stock software, and they would grind every machine in the country to its knees doing the signatures. RSA signatures aren't cheap.
Could you use IPv6 / IPSP authentication to do the job? You'd obviously need to create network software for the various operating systems, but for most of them it's not a big change and various well-known people are working on implementations :-) You could get by with something cheap like an RSA-signed key used for a MAC with either RC4 or MD5, reducing the problem to one RSA signature per connection plus faster algorithms. For email, that's probably still one signature per mail message, but it's a manageable load... #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215 # http://www.idiom.com/~wcs Pager +1-408-787-1281 ! Frank Zappa for President !