North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tor and network security/administration

  • From: Todd Vierling
  • Date: Thu Jun 22 12:38:47 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=GPnBFGvcOEgKr0uuRCntImGV/ZvZt7yUUbMVe0/HtRgwPiBofgymZAlo0C3Klwdv9VO30fGIY8eAfu1FWH16v+i76sQ0N3ev5YgHJqHajQcTHlf2uzlaNF6h3t47tLvBFdwR2Cdo9mdgermbanSGeolbVMlHCvllXNPNpYWJA5k=

On 6/22/06, Lionel Elie Mamane <lionel@mamane.lu> wrote:
> All of my discussions with Tor people have indicated [they] do not
> think I should have the right to deny traffic based on IP address,
> and that I should find other methods of authenticating traffic into
> my networks.

Isn't it rather that they think that filtering on the base of IP
address is broken in today's Internet, even if tor didn't exist?
This has been part of my point throughout this thread, in that:

substituting IP address for people is very, very, imprecise.
Tor just happens to point this out very vividly, and makes the
formerly small distinction between social and technological problems a
bit moer noticeable.

Anti-spam folk face a lot of the same issues.  Ideally, there should
be zero need for content-based mail filtering, because that doesn't
reflect the intent of blocking spam (which is *really* based on
"solicited" status).  However, the *social* issues of today's spam
abuse often make content-based filtering a necessary evil.

--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>