Re: SOI: identity protection and DOS

[Henry Spencer <henry@spsystems.net>]

On Mon, 19 Nov 2001, Michael Thomas wrote:
> ...IMO, identity protection is
> overblown. If by simple traffic analysis I see a
> static IP address for a server which I can reverse
> map, and even a dynamic address which I can
> reverse map to a particular POP, a determined
> attacker is probably going to have a pretty good
> idea that you're visiting naughtybits.com...

As others have noted already, an identity can be more than just an IP
address, and protection for parts of it may be desirable.

I would add that, other things being equal, the fullest possible
protection of everything should be the default, not an option.  That way,
users with truly sensitive material aren't prominently advertised as such
by the fact that they're the only ones using protection. 

(Of course, that "other things being equal" covers a multitude of sins.
Whether identity protection justifies an extra round trip is a harder
question than whether it justifies a few more CPU cycles.)

                                                          Henry Spencer
                                                       henry@spsystems.net

---

Follow-Ups:

• Re: SOI: identity protection and DOS
• From: Michael Thomas <mat@cisco.com>
• Re: SOI: identity protection and DOS
• From: "david chen" <ietf_davidchen@hotmail.com>

References:

• SOI: identity protection and DOS
• From: Michael Thomas <mat@cisco.com>

---

• Prev by Date: Re: ipsec in tunnel mode and dynamic routing
• Next by Date: Re: ipsec in tunnel mode and dynamic routing
• Prev by thread: Re: SOI: identity protection and DOS
• Next by thread: Re: SOI: identity protection and DOS
• Index(es):
  • Main
  • Thread