
Re: SOI: identity protection and DOS



On Wed, 21 Nov 2001, Michael Thomas wrote:
>  > The proposed IKEv2, if I've read the spec correctly, establishes both
>  > an ISAKMP SA and a set of IPsec SAs, *with* full identity protection,
>  > in 2 round trips.  It is difficult to imagine improving on that...
> 
>    Fine, then IKEv2 meets my proposed requirement. That
>    doesn't negate the requirement, or the reason to have it.
>    We are still talking about requirements, right? 

We are, but you've given a rather confused impression of what your
proposed requirement actually *is*.  You start out saying "identity
protection should not be mandatory if it is expensive", which is at least
defensible.  But then you switch to "since identity protection is known to
be expensive, it must not be mandatory", which is simply unfounded.  You
need to stick to stating requirements, and avoid jumping to conclusions
about how they should be met. 

                                                          Henry Spencer
                                                       henry@spsystems.net


