Anonymous WWW proxies
I'm halfway in the coding of a simple anonymous WWW proxy, but before going any further, I'd like to know:

+ If this has not been done before and is available ? (and where)
+ If there is any interest
+ Chaining would be a imo good idea (ie cli <-> anonproxy1 <-> anonproxy2 <-> ... <-> server) but how would you manage to tell your favorite web browser to add in its header something like
  Http-Proxy-List: anonproxy2, ...
  An alternative would be to have a database of available (running) proxies and that the proxy itself randomly choose a next route ?
+ A way to solve previous pb and to add in encryption (but would it be fast enough for web browsing ?) would be that each user runs a local proxy (that could be optionally used by other folks) that would do pgp encryption/decryption, 'routing' selection,etc...

Would ppl with mail remailers and/or W3 experience comment ? (or tell me the pointer toward the already solved, already implemented beast that would do the above)

--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
| + Chaining would be a imo good idea (ie cli <-> anonproxy1 <->
| anonproxy2 <-> ... <-> server) but how would you manage to tell
| your favorite web browser to add in its header something like
| Http-Proxy-List: anonproxy2, ...
| An alternative would be to have a database of available (running)
| proxies and that the proxy itself randomly choose a next route ?

Don't most of the browsers support a "firewall-proxy-mode", where all queries are sent off to a special daemon, that forwards the query on. This would probably be the place to add the header-munging.

How do you plan to get the reverse-path working? Having an encrypted/chained return path in the request?

| + A way to solve previous pb and to add in encryption (but would it
| be fast enough for web browsing ?) would be that each user runs a
| local proxy (that could be optionally used by other folks) that
| would do pgp encryption/decryption, 'routing' selection,etc...
|
| Would ppl with mail remailers and/or W3 experience comment ?
| (or tell me the pointer toward the already solved, already implemented
| beast that would do the above)

Encryption speed isn't all that an issue always. I'm planning to do an Mbone encryption gateway, (RSN). I will precompute a cryptographic mask during idle cycles, that can be XORed together with the clear-text packet when it arrives. I expect it to reduce the latency quite a lot.

(This might not work, since it assumes the key distr problem is already solved in good time before the packet arrives, to be able to amass "precomputational power".)

/Christian
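The precomputed-mask idea in the message above, as an added example that is not part of the original thread or any poster's code. The message names no cipher, so HMAC-SHA256 in counter mode stands in as the mask generator (an assumption), and `MaskPool`, `keystream` and `open_packet` are hypothetical names; a MAC is included because a bare XOR mask gives no integrity.

```python
import hashlib
import hmac

def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Assumed PRF: HMAC-SHA256 in counter mode, keyed per packet sequence number."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def xor(data: bytes, mask: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, mask))

def tag_for(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, seq.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()

class MaskPool:
    """Hypothetical gateway-side pool: masks are built while idle, consumed on arrival."""

    def __init__(self, enc_key: bytes, mac_key: bytes, max_len: int = 1500):
        self.enc_key, self.mac_key, self.max_len = enc_key, mac_key, max_len
        self.masks = {}      # seq -> precomputed mask
        self.next_seq = 0    # next sequence number to precompute

    def precompute(self, count: int) -> None:
        # Idle-time work: the expensive PRF calls happen here, before any packet exists.
        for _ in range(count):
            self.masks[self.next_seq] = keystream(self.enc_key, self.next_seq, self.max_len)
            self.next_seq += 1

    def seal(self, seq: int, packet: bytes):
        if len(packet) > self.max_len:
            raise ValueError("packet longer than precomputed mask")
        # pop() enforces one-time use: XORing two packets with one mask leaks their XOR.
        mask = self.masks.pop(seq)
        ciphertext = xor(packet, mask)
        # XOR alone is malleable, so the receiver needs a MAC to detect bit flips.
        return ciphertext, tag_for(self.mac_key, seq, ciphertext)

def open_packet(enc_key: bytes, mac_key: bytes, seq: int, ciphertext: bytes, tag: bytes) -> bytes:
    if not hmac.compare_digest(tag, tag_for(mac_key, seq, ciphertext)):
        raise ValueError("authentication failed")
    return xor(ciphertext, keystream(enc_key, seq, len(ciphertext)))
```

Both keys must already be shared before `precompute` can run, which is the key-distribution dependency the message raises.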
What's the problem of using CERN in proxy mode? You can even set it up to do chaining.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Sun, 17 Sep 1995, Laurent Demailly wrote:
+ If this has not been done before and is available ? (and where)
Aleph One writes:
| What's the problem of using CERN in proxy mode? You can even set it up to do chaining.

The chaining is not dynamic (but it is maybe patchable) ? I don't think there is support for encryption (ssl patches maybe?) ? Also, CERN httpd is a huge thing, maybe some smaller proxy would do... My development is/could be based on my httpd, but simplified... I'll have a look at standalone already existing proxies before reinventing the wheel...

Regards
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Points taken. But I believe there are (or will be) patches for CERN to do SSL. Check the SSLeay ssl-user mailing list.

While we're talking about anonymous proxies. I always wanted to set up an IP anonymous proxy using Linux IP tunnel and maybe also IP Masquerading. This would allow people to have anonymous Web Servers, etc. (But as anything it would probably be abused for hacking, etc at no end). Any comments?

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Sun, 17 Sep 1995, Laurent Demailly wrote:
The chaining is not dynamic (but it is maybe patchable) ? I don't think there is support for encryption (ssl patches maybe?) ? Also, CERN httpd is a huge thing, maybe some smaller proxy would do... My development is/could be based on my httpd, but simplified... I'll have a look at standalone already existing proxies before reinventing the wheel...
Laurent Demailly wrote:
| Aleph One writes:
| | What's the problem of using CERN in proxy mode? You can even set it up to do chaining.
|
| The chaining is not dynamic (but it is maybe patchable) ? I don't think there is support for encryption (ssl patches maybe?) ? Also, CERN httpd is a huge thing, maybe some smaller proxy would do... My development is/could be based on my httpd, but simplified... I'll have a look at standalone already existing proxies before reinventing the wheel...

I am almost sure that new TIS http-gw will do. Especially if ssl will be added by some kind soul..

avk
--
--- \/\/\/ Andrew.V.Kovalev@jet.msk.su +7-095-973-4848 office
Security is like defecation - unpleasant, but alternatives are worse.
Christian Wettergren writes:
| | + Chaining would be a imo good idea (ie cli <-> anonproxy1 <->
| | anonproxy2 <-> ... <-> server) but how would you manage to tell
| | your favorite web browser to add in its header something like
| | Http-Proxy-List: anonproxy2, ...
| | An alternative would be to have a database of available (running)
| | proxies and that the proxy itself randomly choose a next route ?
|
| Don't most of the browsers support a "firewall-proxy-mode", where all queries are sent off to a special daemon, that forwards the query on. This would probably be the place to add the header-munging.

yes, they support one level of proxying, but not several as far as I know (so chaining must be done by the proxy itself as I suggested below)

| How do you plan to get the reverse-path working? Having an encrypted/chained return path in the request?

Reverse path is not a problem because WWW works with a bidirectional connection, so you get the answer to your query on the same path as you send it (it's client <-> proxy1 ... (<-> and not ->))

Regards
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
participants (4)
- Aleph One
- Andrew V. Kovalev
- Christian Wettergren
- Laurent Demailly