
Re: SOI: identity protection and DOS



Henry Spencer writes:
 > On Wed, 21 Nov 2001, Michael Thomas wrote:
 > >  > The proposed IKEv2, if I've read the spec correctly, establishes both
 > >  > an ISAKMP SA and a set of IPsec SAs, *with* full identity protection,
 > >  > in 2 round trips.  It is difficult to imagine improving on that...
 > > 
 > >    Fine, then IKEv2 meets my proposed requirement. That
 > >    doesn't negate the requirement, or the reason to have it.
 > >    We are still talking about requirements, right? 
 > 
 > We are, but you've given a rather confused impression of what your
 > proposed requirement actually *is*.  You start out saying "identity
 > protection should not be mandatory if it is expensive", which is at least
 > defensible.  But then you switch to "since identity protection is known to
 > be expensive, it must not be mandatory", which is simply unfounded.  You
 > need to stick to stating requirements, and avoid jumping to conclusions
 > about how they should be met. 

I meant what I started out with. Where that led
to was a chorus of "it's not expensive" with a
bunch of confusion along the way, and I'm still
not sure whether it is or isn't. Also: we
still haven't mentioned the other part of my
initial post which was about DoS protection which
I lump in the same category: make it optional for
when the exceptional conditions arise.

	 Mike

