
Re: SOI: identity protection and DOS



>>>>> "Michael" == Michael Thomas <mat@cisco.com> writes:

 Michael> ...2) SOI SHOULD provide a means to protect identities. SOI
 Michael> MUST make protection optional if it reduces the overall
 Michael> number of messages to establish a SA. A SOI peer MUST NOT
 Michael> protect identities by default.

 Michael> I expect that the last statement is controversial so let me
 Michael> explain: IMO, identity protection is overblown. If by simple
 Michael> traffic analysis I see a static IP address for a server
 Michael> which I can reverse map, and even a dynamic address which I
 Michael> can reverse map to a particular POP, a determined attacker
 Michael> is probably going to have a pretty good idea ...

That may be a valid analysis.  (I'm not going to take a position on
that here.)

However, it does not justify the text you proposed.  What it would
justify is:

2) SOI SHOULD provide a means to protect
   identities. SOI MUST make protection optional 
   if it reduces the overall number of messages 
   to establish a SA. A SOI peer MAY protect 
   identities by default.

That would fit the notion that identity protection is not all that
useful. 

The text you proposed would be appropriate if identity protection is
actually a bad idea.  For example, if it can only be done at
significant expense in time (messages, computation) or memory.  Is
that the case?  You did not say so.

If identity protection does not come at a significant cost, there is
no technical reason to prohibit it being the default for some
implementations. 

	 paul
