[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
Henry Spencer writes:
> On Mon, 19 Nov 2001, Michael Thomas wrote:
> > ...I think I disagree with your "fullest" assessment
> > since simple traffic analysis may shatter many
> > false illusions about protected identities.
>
> I think you've missed my point slightly. If all key negotiation uses
> identity protection, then it is impossible to tell whether the results of
> such traffic analysis are valid: there is no way to determine whether
> non-trivial identity information was exchanged. But if protection is used
> only when there is something specific to protect, then the traffic analyst
> *knows* whether his results are applicable or not.
This presupposes that the traffic analyst needs
incontrovertible evidence. If my employer, say,
noticed that my laptop had a proclivity to
connect to netnudie.museum, I doubt that it
would matter a whole lot were I to tell them
that they can't _prove_ it was me who clicking
on the url.
Mike
Follow-Ups:
References: