[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
On Tue, 20 Nov 2001, Michael Thomas wrote:
> > ...if protection is used
> > only when there is something specific to protect, then the traffic analyst
> > *knows* whether his results are applicable or not.
>
> This presupposes that the traffic analyst needs
> incontrovertible evidence. If my employer, say,
> noticed that my laptop had a proclivity to
> connect to netnudie.museum...
Consider a slightly different case: he notices that your laptop has a
proclivity to connect to the webservers-r-us.com IPsec gateway. There are
a lot of servers behind that gateway...
If all negotiations automatically use identity protection, then he can't
tell whether you're talking to hot-babes.com or open-source-software.org.
However, if your connections to open-source-software.org don't use
identity protection, but you also make some other connections which do...
then it's a pretty safe bet that those protected connections are going to
hot-babes.com or maybe even kiddie-porn.com.
Identity protection is much more effective if it's used for everything, so
that the mere use of identity protection isn't itself a red flag to a
traffic analyst.
Yes, there are cases where identity protection doesn't buy much. But
there are others where it does. And advertising the difference is dumb.
Henry Spencer
henry@spsystems.net
References: