
Make the Internet uncensorable to intermediate nodes

2010-03-19 09:03:41
Hi list,

I am an average Internet user from China. Sorry for my bad English. I have
this simple, naive or even stupid idea, and thought I'd like to share it in case
someone finds it useful. I apologize if this topic is improper or spammy for
this mailing list.

The Internet censorship in China makes many people suffer a lot, and it also
makes me think a lot, both politically and technically. But I believe in
technology, especially the Internet.

In my opinion, theoretically, we *can* make the Internet uncensorable, or at
least make all intermediate nodes unable to censor anything. The TL;DR
answer is FEC algorithms.

To my knowledge, the Internet is designed as a tool to
deliver data end-to-end. But firewalls and gateways behave quite badly these
days. They judge the *content* of the data stream, and refuse to transfer
it if something is wrong, or cut off a connection in the middle of a
transfer. We invented SSL and other encryption methods to harden protection of
our *content*, making it difficult to probe what's going on in the data, but
in my view, we have another cheap yet more effective, scalable way.

The idea is simple. Censorship happens; one of the reasons is that our
most widely used transfer protocol is plaintext, and another major reason is
that our transfer is done in A SINGLE CONNECTION and can be checked in a
serialized way.

What if we break our data into many parts first, then transfer the debris
nobody will notice, and finally assemble them back into the original at the
other end? Before giving the data to gateways and routers, we split the data
at sub-byte level, like doing a soft RAID5 on the data, then open multiple
concurrent parallel connections to deliver the data.

For example, a censorship system would cut off a connection if a keyword TEST
is triggered:

ASCII: TEST
Connection1: 1110100 1100101 1110011 1110100

Now we pseudo split it. A real FEC, like RAID5, would be better:

Connection 1: 00000000
Connection 2: 11111011
Connection 3: 10101110
Connection 4: 10011110

So what an intermediate node sees is continuous pure binary data. No
meaningful content.

Furthermore, each connection can be encrypted separately.

Because FEC has made the data redundant in some way, an FEC-enabled protocol
can endure minor connection loss.

So if an intermediate node really wants to check what's behind the data, it
has to find a way to restore the information, otherwise the guessing work
would be too painful.

FEC is better than encryption. Encryption is either secure or broken.
Suppose a 10% redundant FEC: if we tunnel 50% of the connections through a
guaranteed secure tunnel like SSH, even if the intermediate nodes managed to
restore the other 50%, they only got half of each byte, which is still too
little to know what the original content is. Not to mention that the actual
dispersal methods are usually very short and can be secretly told in many ways.

My point is, today's Internet architecture can be very easily censored,
because the semantic content is bound to the data. FEC algorithms
can disperse meaningful content into meaningless data, thus making the
transfer neutral to all intermediate nodes.

My view of the Internet is simple: it's like the highways, it should be
a publicly libre and neutral transportation no matter what your car model is.

What do you guys think?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
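
The sub-byte, RAID5-like split described in the message above can be made concrete. The following is an added example, not part of the original post: it deals the bits of a message round-robin onto `n` streams and appends one XOR parity stream, so any single lost stream can be rebuilt. The function names, the 4-stream layout and the sample message are assumptions chosen for illustration.

```python
from functools import reduce

def to_bits(data: bytes) -> list[int]:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits: list[int]) -> bytes:
    return bytes(
        sum(bit << (7 - k) for k, bit in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits), 8)
    )

def xor_streams(streams: list[bytes]) -> bytes:
    # Byte-wise XOR across equally long streams.
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*streams))

def disperse(data: bytes, n: int) -> list[bytes]:
    """Deal bits round-robin onto n data streams, then append one XOR parity stream."""
    bits = to_bits(data)
    bits += [0] * (-len(bits) % (8 * n))  # pad so every stream is whole bytes
    streams = [from_bits(bits[i::n]) for i in range(n)]
    return streams + [xor_streams(streams)]

def reassemble(streams: list, length: int) -> bytes:
    """Rebuild the message; one stream (data or parity) may be None, i.e. lost."""
    streams = list(streams)
    lost = [i for i, s in enumerate(streams) if s is None]
    if len(lost) > 1:
        raise ValueError("single XOR parity recovers at most one lost stream")
    if lost:
        # XOR of every surviving stream equals the missing one.
        streams[lost[0]] = xor_streams([s for s in streams if s is not None])
    cols = [to_bits(s) for s in streams[:-1]]  # drop the parity stream
    n = len(cols)
    bits = [cols[p % n][p // n] for p in range(n * len(cols[0]))]
    return from_bits(bits)[:length]  # strip the padding

MESSAGE = b"send TEST to bob"  # constructed sample input

if __name__ == "__main__":
    parts = disperse(MESSAGE, 4)
    for i, part in enumerate(parts):
        print(i, part.hex(), "keyword visible:", b"TEST" in part)
    parts[2] = None  # simulate one connection being cut
    print(reassemble(parts, len(MESSAGE)))
```

The split is keyless: an observer who captures all data streams and knows the interleave order reassembles the plaintext exactly as `reassemble` does, so the layout hides the keyword from a per-connection matcher but adds no confidentiality without the separate per-connection encryption the message mentions.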