[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS

To: Michael Thomas <mat@cisco.com>
Subject: Re: SOI: identity protection and DOS
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 19 Nov 2001 19:06:51 -0500 (EST)
cc: ipsec@lists.tislabs.com
In-Reply-To: <15353.36126.558016.555579@thomasm-u1.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 19 Nov 2001, Michael Thomas wrote:
> ...I think I disagree with your "fullest" assessment
> since simple traffic analysis may shatter many
> false illusions about protected identities. 

I think you've missed my point slightly.  If all key negotiation uses
identity protection, then it is impossible to tell whether the results of
such traffic analysis are valid:  there is no way to determine whether
non-trivial identity information was exchanged.  But if protection is used
only when there is something specific to protect, then the traffic analyst
*knows* whether his results are applicable or not. 

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: SOI: identity protection and DOS

From: Michael Thomas <mat@cisco.com>

References:

Re: SOI: identity protection and DOS

From: Michael Thomas <mat@cisco.com>

Prev by Date: Re: SOI: preshared
Next by Date: Re: ipsec in tunnel mode and dynamic routing
Prev by thread: Re: SOI: identity protection and DOS
Next by thread: Re: SOI: identity protection and DOS
Index(es):
- Main
- Thread