|
|
Subscribe / Log in / New account

QUIC as a solution in my firewall currently

QUIC as a solution in my firewall currently

Posted Feb 2, 2018 17:46 UTC (Fri) by TRS-80 (guest, #1804)
In reply to: QUIC as a solution in my firewall currently by nybble41
Parent article: QUIC as a solution to protocol ossification

Perhaps, but they are students and I have a duty of care to protect them from the worst parts of the internet, therefore a there is a middlebox between them and it. Is QUIC becoming used outside of Google anyway?

The middlebox we use doesn't currently support ECDHE, so I doubt TLS 1.3 support will be on the cards any time soon either. That will be a big ossification point as well due to how middlebox unfriendly TLS 1.3 is.

to post comments

QUIC as a solution in my firewall currently

Posted Feb 2, 2018 18:53 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

> Perhaps, but they are students and I have a duty of care to protect them from the worst parts of the internet, therefore a there is a middlebox between them and it.
And then these students get their smartphones and jump right into the worst parts without anyone wiser...

If you do have to comply with such laws, you can install blockers directly onto the endpoints rather than on midpoints.

QUIC as a solution in my firewall currently

Posted Feb 3, 2018 5:27 UTC (Sat) by TRS-80 (guest, #1804) [Link] (2 responses)

Phones are not allowed in the classroom, and we tell parents not to give their students data access, or install a filter on it. Either way, you can't do proper blocking on an iOS, the only good solutions are an explicit proxy or always-on VPN, at which point we're back to middleboxes so you may as well do it transparently.

QUIC as a solution in my firewall currently

Posted Feb 4, 2018 3:59 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

My brother's daughter recently went to China for a school exchange program. The first week or so her parents were only getting email updates to a non-Google address. Then she re-appeared on Facebook and Gmail - local kids in China had shown her how to work around blocking.

This is how effective Internet blocking is against determined teenagers.

I understand that people still have to go through motions and pretend that precious little children are totally "protected" by filters. But I'm not seeing why this should be made any easier. It'd be good to stop this hypocrisy fest eventually.

QUIC as a solution in my firewall currently

Posted Feb 9, 2018 15:18 UTC (Fri) by TRS-80 (guest, #1804) [Link]

Well, if you can stop our parents being rich enough to hire lawyers in the case that little Johnny sees something inappropriate using school-provided technology, I'm sure I can update our risk matrix to obviate the need for the web filter. If they do it on parent-provided technology, that's then their problem, not ours.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds