
Re: SOI: identity protection and DOS



Derek Atkins writes:
 > Michael Thomas <mat@cisco.com> writes:
 > 
 > > How do I know whether I trust the other party
 > > before I divulge my identity? Somebody has to go
 > 
 > you may or may not trust the other entity, however do you trust
 > all of the snoopers listening along between you and the peer?

   I guess I don't draw a huge distinction of where
   the privacy leak happened, especially in the example
   given where there should be no expectation of privacy
   since it's given to untrusted but authenticatable parties.

 > I happen to agree with Radia's point that you should try to protect
 > the initiator's identity before the responder's identity (which
 > implies the responder should authenticate to the initiator first).
 > Yes, this implies an extra round trip, but if the initiator wants to
 > protect their identity they should have the choice to do so.

   I'm not arguing about choice. I'm arguing about
   average behavior. On average, people don't take
   the same precautions guarding their home as
   they do nuclear arsenals. Nor should they; the
   risk if compromised is small and the expense
   is prohibitive. That is, we should make the
   average case reflect the actual risk/expense
   instead of erring on the paranoid.

	      Mike
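As an added illustration of the ordering question argued over above (example code written for this page, not from any of the correspondents or from an IKE implementation): a toy model of a Diffie-Hellman exchange after which one party sends its encrypted identity and an authenticator first. A passive snooper sees only public DH values and ciphertext and learns nothing under either ordering; an active attacker who completes its own DH with the first speaker (impersonating the peer that party expected) decrypts that first identity before the authentication step can fail. The DH group, the stream cipher, the HMAC-over-PSK authenticator and the identity strings are all assumptions constructed for the demo.

```python
"""Toy model: which party's identity an attacker learns depends on who
speaks first after the Diffie-Hellman exchange. Constructed for this page."""
import hashlib
import hmac
import secrets

# Assumed toy DH group (a Mersenne prime), NOT a real IKE group; demo only.
P = 2**127 - 1
G = 3

# Constructed identities and a constructed pre-shared key. Authentication is
# modelled as an HMAC under the PSK; an attacker never holds the PSK.
IDENTITIES = {"initiator": "alice@example.com", "responder": "vpn-gw.example.net"}
PSK = b"constructed-pre-shared-key"


class Party:
    def __init__(self, identity, psk):
        self.identity = identity.encode()
        self.psk = psk
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.key = None

    def derive(self, peer_pub):
        # Session key from the DH shared secret (anyone who ran DH with us has it).
        shared = pow(peer_pub, self.priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key, data):
    # Toy stream cipher (SHA-256 keystream XOR); symmetric, not an AEAD, demo only.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def auth_tag(psk, pub, identity):
    # Authenticator over the speaker's DH value and identity; needs the PSK.
    return hmac.new(psk, pub.to_bytes(16, "big") + identity, hashlib.sha256).digest()


def exchange(first, attacker=None):
    """Run the toy exchange with `first` ('initiator' or 'responder') revealing
    its identity first. `attacker` is None, 'passive' (eavesdrops on the wire)
    or 'active' (terminates the speaker's DH itself, posing as its peer).
    Returns (identities the attacker learned, whether the exchange completed)."""
    init = Party(IDENTITIES["initiator"], PSK)
    resp = Party(IDENTITIES["responder"], PSK)
    speaker, listener = (init, resp) if first == "initiator" else (resp, init)

    if attacker == "active":
        # The attacker holds no PSK but does hold a DH key shared with the speaker.
        mitm = Party("attacker", b"")
        speaker.derive(mitm.pub)
        mitm.derive(speaker.pub)
    else:
        init.derive(resp.pub)
        resp.derive(init.pub)

    # First protected message: encrypted identity plus authenticator.
    ciphertext = xor_stream(speaker.key, speaker.identity)
    tag = auth_tag(speaker.psk, speaker.pub, speaker.identity)

    if attacker == "active":
        # Identity is recovered before authentication, which then cannot succeed
        # because the attacker cannot produce a valid tag under the PSK.
        leaked = xor_stream(mitm.key, ciphertext).decode()
        return {leaked}, False

    # A passive observer saw only public DH values and ciphertext: no key, no identity.
    identity = xor_stream(listener.key, ciphertext)
    ok = hmac.compare_digest(tag, auth_tag(listener.psk, speaker.pub, identity))
    return set(), ok
```

Under this model `exchange("initiator", "active")` yields the initiator's identity and `exchange("responder", "active")` the responder's, which is the trade-off behind letting the responder authenticate first when the initiator's identity is the one worth protecting; the extra round trip that ordering costs is not modelled here.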

