On Wed, Dec 10, 2008 at 2:17 PM, Stanislav Sinyagin ssinyagin@yahoo.com wrote:
What if a whitebox is hacked, and the intruder can inject new IP addresses and get hold of traffic content? There are a lot of things one could do with that...
Like economic/business "intelligence" (or lack of intelligence).
That's a bit the same problem as having that kind of development done in a private firm.
The private firm needs money. It may agree to build some backdoor way to inject some IPs in the BGP mesh for a short duration to "tcp reassembly"/parse it etc. in the layer7 box (which is a linux box).
Worse, in every software shop I've been in, adding a backdoor to a new development has always had a "cool" (even if childish in reality) effect. Getting money in the pocket, too. (Solving the rest of this equation is left as an exercise to the reader :-)
So if the government wants to push such filtering, they will need to propose a completely open implementation for peer review, compiled, packaged and signed by a team of 5 - 10 people taken out of the community of network operators and end users.
cheers