Re: SOI: identity protection and DOS
>>>>> "Michael" == Michael Thomas <mat@cisco.com> writes:
Michael> ...2) SOI SHOULD provide a means to protect identities. SOI
Michael> MUST make protection optional if it reduces the overall
Michael> number of messages to establish a SA. A SOI peer MUST NOT
Michael> protect identities by default.
Michael> I expect that the last statement is controversial so let me
Michael> explain: IMO, identity protection is overblown. If by simple
Michael> traffic analysis I see a static IP address for a server
Michael> which I can reverse map, and even a dynamic address which I
Michael> can reverse map to a particular POP, a determined attacker
Michael> is probably going to have a pretty good idea ...
That may be a valid analysis. (I'm not going to take a position on
that here.)
However, it does not justify the text you proposed. What it would
justify is:
2) SOI SHOULD provide a means to protect
identities. SOI MUST make protection optional
if it reduces the overall number of messages
to establish a SA. A SOI peer MAY protect
identities by default.
That would fit the notion that identity protection is not all that
useful.
The text you proposed would be appropriate if identity protection is
actually a bad idea. For example, if it can only be done at
significant expense in time (messages, computation) or memory. Is
that the case? You did not say so.
If identity protection does not come at a significant cost, there is
no technical reason to prohibit it being the default for some
implementations.
paul