[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR on Academic networks (problem)



On 5/16/06, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On May 16, 2006, at 7:09 PM, Joseph Lorenzo Hall wrote:

> we are essentially saying that it's impossible to do research with
> anonymity tools in this kind of environment.  We have the benefit of
> having a receptive ear amongst the security folks on campus who would
> like to do away with IP-based authentication. -Joe
So how does trusting 1 IP eliminate IP based authentication?

It's more a question of having services to which we subscribe trust a smaller segment of the network rather than the whole darn thing. That kind of change would be easy for the subscription services to implement (changing a rule rather than implementing an authentication API) and would allow all sorts of anonymous proxies on campus (which are prohibited by our [MSSBCND][1]). Currently, if you want to do something that gets close to an anonymous proxy, you're required to block all traffic to UC Berkeley IP addresses as well as all IP addresses that correspond to services to which we subscribe (which is a Hard Problem).

While the security folks have eliminated IP-based authentication on
campus, it's still the main way that subscription services license
their content (and violations are typically treated by blocking the
entire UC Berkeley network... and you can imagine what a 24-hour
outage of a service like Lexis would do during finals week.). -Joe

[1]: http://security.berkeley.edu/MinStds/AppA.min.htm

--
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>