Mark Rogaski <wendigo@pobox.com> wrote:

If I had experience with Netscape plugins and spare time, I'd try it myself. But here's my proposed solution.

A plugin in Netscape intercepts all requests, encrypt the URL with a pubkey algorithm, encode the string base64, send it as GET input to a proxy server.

The proxy server decodes and decrypts the URL, gets the requested page, and returns it. This beats out URL-based filtering.

Still need to figure out the specifics of key-exchange. If we use 40-bit encryption, it's exportable, and it still works in our threat model (ie. we don't care if the watchers figure out the URL a few hours later).

To beat out dropping packets with unacceptable pattern in them, we could use an SSL-based server as the proxy.

The plugin could even have a nice little on/off switch and a list list of available proxies.

Nice, but I can see one problem here. If I (as a censor) will want to block your communication to prohibited sites, I can block the access to the proxy computers. You will just move the blocking strategy one level up with your plug-in. The censor will block the web servers AND proxy servers. Because the list of proxy servers must be available somehow to users, it is very simple to write some kind of script running on the gateway which is blocking the acccess. The script will download the list of proxy servers, update the gateway tables and the gateway will be blocking acccess to all sites on the proxy list. Bye PavelK -- **************************************************************************** * Pavel Korensky (pavelk@dator3.anet.cz) * * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic * * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C * ****************************************************************************