[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS



Mike,

Michael Thomas <mat@cisco.com> writes:

> How do I know whether I trust the other party
> before I divulge my identity? Somebody has to go

you may or may not trust the other entity, however do you trust
all of the snoopers listening along between you and the peer?

I happen to agree with Radia's point that you should try to protect
the initiator's identity before the responder's identity (which
implies the responder should authenticate to the initiator first).
Yes, this implies an extra round trip, but if the initiator wants to
protect their identity they should have the choice to do so.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available


Follow-Ups: References: