Re: SOI: identity protection and DOS



On Tue, 20 Nov 2001, Michael Thomas wrote:
>  > ...if protection is used
>  > only when there is something specific to protect, then the traffic analyst
>  > *knows* whether his results are applicable or not. 
> 
>    This presupposes that the traffic analyst needs 
>    incontrovertible evidence. If my employer, say, 
>    noticed that my laptop had a proclivity to
>    connect to netnudie.museum...

Consider a slightly different case:  he notices that your laptop has a
proclivity to connect to the webservers-r-us.com IPsec gateway.  There are
a lot of servers behind that gateway...

If all negotiations automatically use identity protection, then he can't
tell whether you're talking to hot-babes.com or open-source-software.org. 

However, if your connections to open-source-software.org don't use
identity protection, but you also make some other connections which do...
then it's a pretty safe bet that those protected connections are going to
hot-babes.com or maybe even kiddie-porn.com.

Identity protection is much more effective if it's used for everything, so
that the mere use of identity protection isn't itself a red flag to a
traffic analyst.

Yes, there are cases where identity protection doesn't buy much.  But
there are others where it does.  And advertising the difference is dumb.

                                                          Henry Spencer
                                                       henry@spsystems.net
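
The argument above, worked through as an added example (not part of the original message): an observer sees only whether identity protection was used on a flow to the shared gateway and applies Bayes' rule. The destination names, traffic shares and the two policy labels are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample: (destination behind the shared gateway,
#                      share of the user's flows, sensitive?)
DESTS = [
    ("oss.example",       0.70, False),
    ("news.example",      0.20, False),
    ("private-a.example", 0.06, True),
    ("private-b.example", 0.04, True),
]

def observable(policy, sensitive):
    """What is visible on the wire: was identity protection used?"""
    if policy == "always":      # every negotiation is protected
        return True
    if policy == "selective":   # protected only when there is something to hide
        return sensitive
    raise ValueError(policy)

def posterior(policy, dests=DESTS):
    """Return {observed_flag: {dest: P(dest | observed_flag)}}."""
    joint = defaultdict(dict)
    for name, share, sensitive in dests:
        joint[observable(policy, sensitive)][name] = share
    return {flag: {n: p / sum(d.values()) for n, p in d.items()}
            for flag, d in joint.items()}

def entropy_bits(dist):
    """Observer's remaining uncertainty about the destination, in bits."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def p_sensitive_given_protected(policy, dests=DESTS):
    """Probability that a protected flow goes to a sensitive destination."""
    sensitive = {n for n, _, s in dests if s}
    protected = posterior(policy, dests).get(True, {})
    return sum(p for n, p in protected.items() if n in sensitive)

if __name__ == "__main__":
    for policy in ("always", "selective"):
        protected = posterior(policy)[True]
        print(f"{policy:9s} P(sensitive | protected) = "
              f"{p_sensitive_given_protected(policy):.2f}, "
              f"uncertainty = {entropy_bits(protected):.3f} bits, "
              f"candidates = {sorted(protected)}")
```

With these constructed shares, the "always" policy leaves the observer at the 10% prior across all four destinations, while the "selective" policy makes every protected flow a certain hit on the two sensitive ones.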
