TOR on Academic networks (problem)

Joseph Lorenzo Hall joehall at gmail.com
Tue May 16 23:44:52 UTC 2006


On 5/16/06, Watson Ladd <watsonbladd at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On May 16, 2006, at 7:09 PM, Joseph Lorenzo Hall wrote:
>
> > we are essentially saying that it's impossible to do research with
> > anonymity tools in this kind of environment.  We have the benefit of
> > having a receptive ear amongst the security folks on campus who would
> > like to do away with IP-based authentication. -Joe
> So how does trusting 1 IP eliminate IP-based authentication?

It's more a question of having services to which we subscribe trust a
smaller segment of the network rather than the whole darn thing.  That
kind of change would be easy for the subscription services to
implement (changing a rule rather than implementing an authentication
API) and would allow all sorts of anonymous proxies on campus (which
are prohibited by our [MSSBCND][1]).  Currently, if you want to do
something that gets close to an anonymous proxy, you're required to
block all traffic to UC Berkeley IP addresses as well as all IP
addresses that correspond to services to which we subscribe (which is
a Hard Problem).

While the security folks have eliminated IP-based authentication on
campus, it's still the main way that subscription services license
their content (and violations are typically treated by blocking the
entire UC Berkeley network... and you can imagine what a 24-hour
outage of a service like Lexis would do during finals week). -Joe

[1]: http://security.berkeley.edu/MinStds/AppA.min.htm

-- 
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>


