-- On Thursday, November 14, 2002 6:01 PM -0500 -- Valdis.Kletnieks@vt.edu supposedly wrote:
> On Thu, 14 Nov 2002 17:26:21 EST, "Patrick W. Gilmore" <patrick@ianai.net> said:
>> Not if you block the domain name terrorist.com from resolving at the caching name server, only if you block the IP address to which it resolves on your routers. (Which in many cases will be an Akamai server inside your network - if not, just ask. :)
>
> http://a1016.g.akamai.net/f/1016/606/1d/(rest deleted)
> So tell me again how you're going to filter a1016.g.akamai.net? And how you're not going to piss off the OTHER sites on that server? (Yes, I know that the virtualized hostname is down in the (rest deleted) part of the URL - is that what you want to try to filter in a firewall? Especially when the name could (and probably will) be % encoded or whatever?)

Well, believe it or not, you can filter on aXXXX. :) But more importantly, no user is ever going to type "aXXX.g.akamai.com/foo/bar/etc...". They are going to type "www.ticketmaster.com", which is a CNAME for aXXX. If the ISP's name server filters the "ticketmaster.com" domain, your random luser is not going to be able to get to www.ticketmaster.com.

> Or are we simply assuming that all terrorists are dumb enough to not know how to use a proxy? (Remember that we *are* worried they're smart enough to use strong crypto...)

I did not think this is about stopping terrorists from getting to special sites. I thought this was about a government censoring its citizens from seeing "bad" web sites. Which is a Bad Idea IMHO, but I doubt the Spanish government cares what I think. Besides, what's to stop Joe User from using a public proxy outside his country? :)

> Valdis Kletnieks
-- TTFN, patrick
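
The difference argued over in this thread, as an added example that is not part of the original messages: a small model of a caching resolver comparing a name-based filter with an IP-based router filter when two sites share one CDN edge address. All names and addresses (`*.example`, `192.0.2.10`) and the helper functions are constructed for illustration.

```python
# Constructed sample data: two customer sites CNAME'd onto one shared CDN edge IP.
RECORDS = {
    "www.blocked.example": ("CNAME", "a1.cdn.example"),
    "www.other.example":   ("CNAME", "a2.cdn.example"),
    "a1.cdn.example":      ("A", "192.0.2.10"),
    "a2.cdn.example":      ("A", "192.0.2.10"),
}

def in_zone(name, zone):
    """True if name is the zone apex or a label-aligned subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def resolve(qname, blocked_zones=()):
    """Resolver model: policy is checked against the name the client asked for,
    before the CNAME chain is followed. Returns an IP, or None if refused/unknown."""
    if any(in_zone(qname, z) for z in blocked_zones):
        return None
    name = qname.lower().rstrip(".")
    for _ in range(8):                      # bound the CNAME chain length
        rec = RECORDS.get(name)
        if rec is None:
            return None
        rtype, value = rec
        if rtype == "A":
            return value
        name = value                        # follow the CNAME
    return None

def reachable(qname, blocked_zones=(), blocked_ips=()):
    """A site is reachable if it resolves and the router does not drop its IP."""
    ip = resolve(qname, blocked_zones)
    return ip is not None and ip not in blocked_ips

def compare(sites):
    """Per site: reachability under a DNS name filter vs. an IP filter."""
    return {
        s: {
            "dns_filter": reachable(s, blocked_zones=["blocked.example"]),
            "ip_filter": reachable(s, blocked_ips=["192.0.2.10"]),
        }
        for s in sites
    }

if __name__ == "__main__":
    for site, result in compare(["www.blocked.example", "www.other.example"]).items():
        print(site, result)
```
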