Re: SOI: identity protection and DOS

[Michael Thomas <mat@cisco.com>]

Henry Spencer writes:
 > On Mon, 19 Nov 2001, Michael Thomas wrote:
 > > ...I think I disagree with your "fullest" assessment
 > > since simple traffic analysis may shatter many
 > > false illusions about protected identities. 
 > 
 > I think you've missed my point slightly.  If all key negotiation uses
 > identity protection, then it is impossible to tell whether the results of
 > such traffic analysis are valid:  there is no way to determine whether
 > non-trivial identity information was exchanged.  But if protection is used
 > only when there is something specific to protect, then the traffic analyst
 > *knows* whether his results are applicable or not. 

   This presupposes that the traffic analyst needs 
   incontrovertible evidence. If my employer, say, 
   noticed that my laptop had a proclivity to
   connect to netnudie.museum, I doubt that it
   would matter a whole lot were I to tell them
   that they can't _prove_ it was me who clicking
   on the url.

	  Mike

---

Follow-Ups:

• Re: SOI: identity protection and DOS
• From: Henry Spencer <henry@spsystems.net>

References:

• Re: SOI: identity protection and DOS
• From: Michael Thomas <mat@cisco.com>
• Re: SOI: identity protection and DOS
• From: Henry Spencer <henry@spsystems.net>

---

• Prev by Date: Re: SOI: identity protection and DOS
• Next by Date: Re: SOI: preshared
• Prev by thread: Re: SOI: identity protection and DOS
• Next by thread: Re: SOI: identity protection and DOS
• Index(es):
  • Main
  • Thread