"Family Channel" of the Internet?

I had a rather interesting conversation today with a man who works for an individual who is getting into the ISP business. The guy freely admitted that he was not a technical kind of guy, and was only repeating what he had been told. The gist of the conversation: this company was going to try to position itself as, and I quote, "The Family Channel of the Internet" by going SurfWatch one better. If you sign up with them as your ISP, you'll only be able to access sites that they have personally inspected and approved. He said that they were going to do this, again I quote, "using the same encryption that Visa and Mastercard use."

The last statement pegged my bogometer, of course. Now, since I know that I don't know everything about crypto, and I know even less about the inner workings of IP, I'm going to pose a couple of questions:

1) Is it technically possible for them to limit access to only approved IP addresses? If so, how can they do this, and is it possible to get around these measures.

2) What in the world would SET--I assume that was what he was talking about--have to do with this?

3) In general, how would you use crypto to ensure that your users only connected to approved sites, regardless of the platform or browser software they were using?

I asked the guy to send me some technical details. If I receive them, I'll share unless he makes me sign an NDA.

Ken

On Fri, 6 Dec 1996, Ken Kirksey wrote:

> 1) Is it technically possible for them to limit access to only approved IP addresses? If so, how can they do this, and is it possible to get around these measures.

Packet filters can do this. This could be thwarted by using a proxy located on a trusted host. There are more complicated ways (source routing, IP spoofing, etc.) but these would require the cooperation of the target host. Very improbable.

> 3) In general, how would you use crypto to ensure that your users only connected to approved sites, regardless of the platform or browser software they were using?

Crypto would probably only be used for authentication. A simple password system would work, but wouldn't be as secure, of course. The ISP could pass the packets through the appropriate filter rules depending on the user. I don't know how much overhead would be associated with this technique, but it seems to be the most secure way to do this.

> I asked the guy to send me some technical details. If I receive them, I'll share unless he makes me sign an NDA.
>
> Ken

Mark
-- 
finger -l for PGP key
PGP encrypted mail preferred. 0xf9b22ba5 now revoked
participants (2): Ken Kirksey, Mark M.
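The scheme sketched in the reply (authenticate the subscriber, then pass their packets through the filter rules chosen for that user) can be modelled as follows. This is an added example, not code from either poster; the account names, passwords, rule-set names and addresses (RFC 5737 documentation ranges) are constructed, and binding the rule set to the source address assigned at login is an assumption.

```python
import hashlib
import hmac
import ipaddress

def pw_hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the account table never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: hypothetical accounts and RFC 5737 documentation ranges.
ACCOUNTS = {
    "household42": (b"salt-a", pw_hash("correct horse", b"salt-a"), "approved_only"),
    "noc_admin": (b"salt-b", pw_hash("battery staple", b"salt-b"), "unrestricted"),
}
RULESETS = {
    "approved_only": ["192.0.2.0/28", "198.51.100.10/32"],
    "unrestricted": ["0.0.0.0/0"],
}

class EgressFilter:
    def __init__(self):
        # Source address assigned at login -> list of permitted destination networks.
        self.sessions = {}

    def login(self, user: str, password: str, assigned_ip: str) -> bool:
        record = ACCOUNTS.get(user)
        if record is None:
            return False
        salt, stored, ruleset = record
        # Constant-time comparison of the derived hash against the stored one.
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return False
        nets = [ipaddress.ip_network(n) for n in RULESETS[ruleset]]
        self.sessions[ipaddress.ip_address(assigned_ip)] = nets
        return True

    def logout(self, assigned_ip: str) -> None:
        # Drop the binding so the address cannot inherit the old user's rules.
        self.sessions.pop(ipaddress.ip_address(assigned_ip), None)

    def permit(self, src: str, dst: str) -> bool:
        # Default deny: a source with no authenticated session matches no rule.
        nets = self.sessions.get(ipaddress.ip_address(src), [])
        return any(ipaddress.ip_address(dst) in net for net in nets)
```

The decision uses only the packet's source and destination addresses, which is why the reply's caveat about a proxy on an approved host applies: what that host does with the traffic is outside what the filter can see.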