Re: Some thoughts on the Chinese Net

At 05:38 PM 2/14/96 -0500, Perry wrote:
Jon Lasser writes:
The more complex portion (from my perspective, at any rate) is a modification of the standard TCP/IP protocol, requiring that each packet be signed by its originating user. This would require lots of software modification on the Chinese end, as well as a conversion process at the National firewall.
They could use no stock software, and they would grind every machine in the country to its knees doing the signatures. RSA signatures aren't cheap.
Could you use IPv6 / IPSP authentication to do the job? You'd obviously need to create network software for the various operating systems, but for most of them it's not a big change and various well-known people are working on implementations :-) You could get by with something cheap like an RSA-signed key used for a MAC with either RC4 or MD5, reducing the problem to one RSA signature per connection plus faster algorithms. For email, that's probably still one signature per mail message, but it's a manageable load...

#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs Pager +1-408-787-1281 ! Frank Zappa for President !
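
An added example, not part of the original messages: a sketch of the cost structure described in the message above, with one RSA signature per connection and a fast MAC on every packet. Assumptions: HMAC-SHA256 stands in for the RC4 or MD5 MAC named in the message, the RSA is a toy textbook construction on a constructed key, all function names are hypothetical, and the MAC key is assumed to reach the verifier confidentially (key exchange is not shown).

```python
import hashlib, hmac, os

# Toy textbook RSA over two Mersenne primes: constructed, unpadded, and far too
# small for real use. It only stands in for "one expensive signature".
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
rsa_ops = 0  # counts private-key (signing) operations

def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rsa_sign(data):
    global rsa_ops
    rsa_ops += 1
    return pow(_h(data), D, N)

def rsa_verify(data, sig):
    return pow(sig, E, N) == _h(data)

def open_connection():
    """Sender: pick a fresh MAC key and sign it once per connection."""
    key = os.urandom(32)
    return key, rsa_sign(key)

def accept_connection(key, sig):
    """Verifier: one public-key check per connection."""
    return rsa_verify(key, sig)

def tag_packet(key, seq, payload):
    """Sender: cheap per-packet MAC over sequence number and payload."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def accept_packet(key, seq, payload, tag):
    """Verifier: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(tag_packet(key, seq, payload), tag)

def demo(n_packets=1000):
    """Return (packets accepted, tampered packet accepted?, RSA signatures used)."""
    before = rsa_ops
    key, sig = open_connection()
    if not accept_connection(key, sig):
        raise ValueError("signed key rejected")
    ok = sum(accept_packet(key, i, b"data%d" % i, tag_packet(key, i, b"data%d" % i))
             for i in range(n_packets))
    tampered = accept_packet(key, 0, b"changed", tag_packet(key, 0, b"data0"))
    return ok, tampered, rsa_ops - before
```

The MAC shows only that the sender holds the key signed at connection setup; it says nothing about who controls that endpoint.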

Bill Stewart writes:
They could use no stock software, and they would grind every machine in the country to its knees doing the signatures. RSA signatures aren't cheap.
Could you use IPv6 / IPSP authentication to do the job?
Yes, they could. (It's IPSEC these days, by the way). However, again, I don't think it will do them much good, especially since forcing people to deploy strong cryptography everywhere isn't in their best interests. They could try only doing the AH part of the protocol, of course, but even then, using forged, stolen, or otherwise ingenuine credentials isn't that hard. Crypto isn't a panacea, and if you can't trust both endpoints it's hard to trust the crypto itself...

Perry

However, again, I don't think it will do them much good, especially since forcing people to deploy strong cryptography everywhere isn't in their best interests. They could try only doing the AH part of the protocol, of course, but even then, using forged, stolen, or otherwise ingenuine credentials isn't that hard. Crypto isn't a panacea, and if you can't trust both endpoints it's hard to trust the crypto itself...
It seems to me that the actual result of the Chinese experiment in net censorship will probably be something in between what the Communist government is hoping for and what some hard line crypto anarchists are predicting. Nets and good crypto tools aren't going to make it possible for everyone in China with a PC to discuss any subject without fear of government reprisal, but the new technology will almost certainly result in a significant loss of control for the state. Censorship will persist in China, but evading it will be easier and safer than it is now. Nets being what they are, it will be easier for people to organize, and discussions and debates will probably be more productive than they are now. The pressures of crypto anarchy might not be strong enough to liberate China overnight, but they will exert a powerful and steady force towards liberalization. Once Chinese society has coexisted with a vibrant black information market for a decade or two, making things legal will probably seem sensible to most people -- no one will expect the sky to fall if people are allowed to speak their minds.

participants (3)
- Alex Strasheim
- Bill Stewart
- Perry E. Metzger