Re: SOI: identity protection and DOS
The problem with identity protection is that it is
inherently unequal; it involves a round trip to
collect the DH values as you point out. Also: I
think I disagree with your "fullest" assessment
since simple traffic analysis may shatter many
false illusions about protected identities.
Note that I'm not saying we should make it a
non-requirement, only that we put it in the proper
perspective.
Mike
Henry Spencer writes:
> On Mon, 19 Nov 2001, Michael Thomas wrote:
> > ...IMO, identity protection is
> > overblown. If by simple traffic analysis I see a
> > static IP address for a server which I can reverse
> > map, and even a dynamic address which I can
> > reverse map to a particular POP, a determined
> > attacker is probably going to have a pretty good
> > idea that you're visiting naughtybits.com...
>
> As others have noted already, an identity can be more than just an IP
> address, and protection for parts of it may be desirable.
>
> I would add that, other things being equal, the fullest possible
> protection of everything should be the default, not an option. That way,
> users with truly sensitive material aren't prominently advertised as such
> by the fact that they're the only ones using protection.
>
> (Of course, that "other things being equal" covers a multitude of sins.
> Whether identity protection justifies an extra round trip is a harder
> question than whether it justifies a few more CPU cycles.)
>
> Henry Spencer
> henry@spsystems.net
>