I am an average Internet user from China. Sorry for my bad English. I have this simple, naive or even stupid idea that I thought I'd like to share in case someone finds it useful. I apologize if this topic is improper or spammy for this mailing list.
The Internet censorship in China makes many people suffer a lot; it also makes me think a lot, both politically and technically. But I believe in technology, especially the Internet.
In my opinion, theoretically, we *can* make the Internet uncensorable, or at least make all intermediate nodes unable to censor anything. The TL;DR answer is FEC algorithms.
To my knowledge, the Internet is designed as a tool to deliver data end-to-end. But firewalls and gateways behave quite badly these days. They judge the *content* of the data stream, and refuse to transfer it if something is wrong, or cut off a connection in the middle of a transfer. We invented SSL and other encryption methods to harden the protection of our *content*, making it difficult to probe what's going on in the data, but in my view, we have another cheap yet more effective and scalable way.
The idea is simple. Censorship happens; one of the reasons is that our most widely used transfer protocol is plaintext, and another major reason is that our transfer is done in A SINGLE CONNECTION and can be checked in a serialized way.
What if we break our data into many parts first, then transfer the debris nobody will notice, and finally assemble them back into the original at the other end? Before giving the data to gateways and routers, we split the data at the sub-byte level, like doing a soft RAID5 on the data, then open multiple concurrent parallel connections to deliver the data.
For example, a censorship system would cut off a connection if a keyword TEST is triggered:
ASCII: TEST
Connection1: 1110100 1100101 1110011 1110100
Now we pseudo-split it. A real FEC, like RAID5, would be better:
Connection 1: 00000000
Connection 2: 11111011
Connection 3: 10101110
Connection 4: 10011110
So what an intermediate node sees is continuous pure binary data. No meaningful content.
Furthermore, each connection can be encrypted separately.
Because FEC has made the data redundant in some way, an FEC-enabled protocol can endure minor connection loss.
So if an intermediate node really wants to check what's behind the data, it has to find the way to restore the information, otherwise the guessing work would be too painful.
FEC is better than encryption. An encryption is either secure or broken. Suppose a 10% redundant FEC: if we tunnel 50% of the connections through a guaranteed secure tunnel like SSH, even if the intermediate nodes managed to restore the other 50%, they only got half of each byte, which is still too little to know what the original content is. Not to mention that the actual dispersal methods are usually very short and can be secretly told in many ways.
My point is, today's Internet architecture can be very easily censored, because the semantic content is bound to the data. FEC algorithms can disperse meaningful content into meaningless data, thus making the transfer neutral to all intermediate nodes.
My view towards the Internet is simple: it's like the highways, it should be publicly libre and neutral transportation no matter what your car model is.
What do you guys think?
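The splitting scheme sketched in the message above, as an added example that is not part of the original post: bits are striped round-robin over k data channels and one XOR parity channel is appended, RAID5-style, so any single lost channel can be rebuilt. The function names, the MSB-first bit order, the round-robin layout, k=4 and the sample message are all assumptions made for this illustration.

```python
from functools import reduce
from operator import xor

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits):
    """List of bits (length a multiple of 8) -> bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def split(data, k):
    """Stripe bits round-robin over k data channels and append one XOR
    parity channel (RAID5-like: any single lost channel can be rebuilt)."""
    bits = to_bits(data)
    bits += [0] * (-len(bits) % (8 * k))   # pad so each channel is whole bytes
    data_channels = [bits[i::k] for i in range(k)]
    parity = [reduce(xor, column) for column in zip(*data_channels)]
    return [from_bits(ch) for ch in data_channels + [parity]]

def join(channels, nbytes):
    """Rebuild the first nbytes of the message; one channel may be None."""
    lost = [i for i, ch in enumerate(channels) if ch is None]
    if len(lost) > 1:
        raise ValueError("one parity channel can rebuild only one lost channel")
    chans = [None if ch is None else to_bits(ch) for ch in channels]
    if lost:
        # XOR of all k+1 channels is zero, so the missing one is the XOR of the rest
        present = [ch for ch in chans if ch is not None]
        chans[lost[0]] = [reduce(xor, column) for column in zip(*present)]
    bits = [bit for column in zip(*chans[:-1]) for bit in column]
    return from_bits(bits[:nbytes * 8])

def keyword_on_any_channel(channels, keyword):
    """Byte-string match applied to each channel separately."""
    return any(keyword in ch for ch in channels if ch is not None)

if __name__ == "__main__":
    message = b"send TEST now!!!"                      # constructed sample input
    channels = split(message, k=4)                     # 4 data channels + 1 parity
    print([ch.hex() for ch in channels])
    print(keyword_on_any_channel(channels, b"TEST"))   # per-channel view
    damaged = channels[:2] + [None] + channels[3:]     # channel 2 dropped
    rebuilt = join(damaged, len(message))
    print(rebuilt, b"TEST" in rebuilt)                 # all-channel view
```

An observer who captures every channel and knows this fixed layout can run the same `join`, so the striping spreads the bytes out but keeps no secret on its own. The parity channel only adds tolerance for one lost connection.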