[81911] in North American Network Operators' Group
Re: NTIA will control the root name servers?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Jul 3 13:55:18 2005
To: Ted Fischer <ted@fred.net>
Cc: nanog@nanog.org
In-Reply-To: Your message of "Sun, 03 Jul 2005 12:41:23 EDT."
<6.2.1.2.2.20050703120619.030d6428@mail.xecu.net>
From: Valdis.Kletnieks@vt.edu
Date: Sun, 03 Jul 2005 13:54:45 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1120413285_13223P
Content-Type: text/plain; charset=us-ascii
On Sun, 03 Jul 2005 12:41:23 EDT, Ted Fischer said:
> >Go read this: http://65.246.255.51/rfc/rfc3675.txt
> >
> >And ask yourself (a) why did that URL work at all, and (b) whether censoring
> >via top-level domain is likely to work.
>
> As an interesting side note, my e-mail client (Eudora) helpfully popped
> up the following message when checking the above URL:
>
> "The host, http://65.246.255.52/rfc/rfc3675.txt, is a numerical IP
> address; most legitimate sites use names, not addresses."
Of course, if you're a subversive visiting the site *because* somebody with
jackbooted thugs has censored the DNS, said site probably isn't considered
"legitimate" by those in power....
And it's a hopeless task - blocking by DNS isn't workable, and even blocking
problematic sites by IP isn't workable. It's pretty easy to show that if you
allow *any* traffic at all, there's covert channels available. Just take the
bandwidth of the pipe, treat the censorship as "noise" (the more heavy-handed,
the noiser), and work out the Shannon limit....
--==_Exmh_1120413285_13223P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFCyCZlcC3lWbTT17ARAh4sAJ9+1a+GUYONS8zjBaWij5AcgbYSzACdEt1h
jEDCBQGqTlqBOSKmmX6kjDM=
=sJdj
-----END PGP SIGNATURE-----
--==_Exmh_1120413285_13223P--
