At 6:45 PM -0700 2/2/99, Mark S. Miller wrote:
>Since the libtech list has a general "don't store, forward, or cite"
>policy, I hereby give permission to do so freely with this message.
>...
>http://www.erights.org/to-be-sorted/DataCommThruFirewalls.html describes
>our (Bill Frantz's) thoughts on using http tunnelling to get through
>firewalls. It would be great to understand how this, or various
>independent mixing schemes, can be extended to hide location.
The scheme presented provides some level of hiding. The basic idea is to have the proxy, which listens on the http port (80) accept messages from Vats behind a firewall, and act as an outside the firewall address for contacting them. The Vat behind the firewall polls the proxy for messages. Since there are (ideally) many Vats using one proxy, the proxy acts as kind of a mix. The polling provides some separation between message receipt and forwarding. An extra layer of encryption is needed to disguise the messages. Further development would allow several of these proxies to cooperate and act as a distributed mix.
For the people who enjoy being on the really bleeding edge of things, there is some code in the E tree to support the firewall proxy. It compiles, but has not been tested. Go for it. :-)
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting (408)356-8506 | thing right, but did know | 16345 Englewood Ave. frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA