[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR on Academic networks (problem)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: TOR on Academic networks (problem)
From: "Joseph Lorenzo Hall" <joehall@xxxxxxxxx>
Date: Tue, 16 May 2006 16:44:52 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 16 May 2006 19:44:58 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=HLGGof5QRVbiHqplT3o0O5jd1zhhlnD4iIj1J8jqfMx1XqsbnP/TYCQKOfTDCOxaINb97R+hDN0hMCJFA3E1xDluzFZzO0DP2mHESaNUqWGv3wEu/cPn6KCCb9+ImhMFnGkgniqRbdOlkmzyhDSF87dZkoVDfluoh9MbZdBpKTM=
In-reply-to: <3B6C1420-8E78-4798-B79A-982940E3517C@gmail.com>
References: <4469CA02.1040007@csuohio.edu> <928946aa0605161301l5cfb6a19m5b35779de6ee3be8@mail.gmail.com> <446A36C0.7090408@csuohio.edu> <6332380B-1FBA-436D-8BE8-AF8D278527BB@gmail.com> <928946aa0605161609h5387a1f8y677e56bcd4d77dd8@mail.gmail.com> <3B6C1420-8E78-4798-B79A-982940E3517C@gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 5/16/06, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On May 16, 2006, at 7:09 PM, Joseph Lorenzo Hall wrote:

> we are essentially saying that it's impossible to do research with
> anonymity tools in this kind of environment.  We have the benefit of
> having a receptive ear amongst the security folks on campus who would
> like to do away with IP-based authentication. -Joe
So how does trusting 1 IP eliminate IP based authentication?


It's more a question of having services to which we subscribe trust a
smaller segment of the network rather than the whole darn thing.  That
kind of change would be easy for the subscription services to
implement (changing a rule rather than implementing an authentication
API) and would allow all sorts of anonymous proxies on campus (which
are prohibited by our [MSSBCND][1]).  Currently, if you want to do
something that gets close to an anonymous proxy, you're required to
block all traffic to UC Berkeley IP addresses as well as all IP
addresses that correspond to services to which we subscribe (which is
a Hard Problem).

While the security folks have eliminated IP-based authentication on
campus, it's still the main way that subscription services license
their content (and violations are typically treated by blocking the
entire UC Berkeley network... and you can imagine what a 24-hour
outage of a service like Lexis would do during finals week.). -Joe

[1]: http://security.berkeley.edu/MinStds/AppA.min.htm

--
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>

References:
- TOR on Academic networks (problem)
  - From: Michael Holstein
- Re: TOR on Academic networks (problem)
  - From: Joseph Lorenzo Hall
- Re: TOR on Academic networks (problem)
  - From: Michael Holstein
- Re: TOR on Academic networks (problem)
  - From: Watson Ladd
- Re: TOR on Academic networks (problem)
  - From: Joseph Lorenzo Hall
- Re: TOR on Academic networks (problem)
  - From: Watson Ladd

Prev by Author: Re: TOR on Academic networks (problem)
Next by Author: Re: TOR on Academic networks (problem)
Previous by thread: Re: TOR on Academic networks (problem)
Next by thread: Re: TOR on Academic networks (problem)
Index(es):
- Author
- Thread