Re: SOI: identity protection and DOS
Henry Spencer writes:
> On Wed, 21 Nov 2001, Michael Thomas wrote:
> > > ...You start out saying "identity
> > > protection should not be mandatory if it is expensive", which is at least
> > > defensible. But then you switch to "since identity protection is known to
> > > be expensive, it must not be mandatory", which is simply unfounded...
> >
> > I meant what was started out with.
>
> Correct. Which is what I describe above: it claims to be a requirement,
> but it's half requirement and half incorrect conclusions drawn from the
> requirement.
There are an infinite number of ways the
protocol could be constructed. Without
requirements -- such as how to value
engineering tradeoffs -- there is no way
to judge them in a way that anybody will agree
on. My claim is that identity protection is
for the most part marginal given traffic
analysis and the "who's there" problem.
As such, the average case shouldn't suffer
because of it. I've yet to see anything
discussed here to sway my original opinion.
Whether IKEv2, JFK, or something else entirely
meets that requirement is beside the point;
assuming you support one of them, you should
be happy since it serves to weed out ones that
_don't_ meet that requirement.
> You need to fix it. All the statements (not just the first
> one) about how it ought to be optional need to be qualified with "unless
> it's cheap".
>
> Making stuff optional is *not* a good thing, in general.
Making 9 message SA establishment protocols is
*not* a good thing either.
Recall how we got there. Committees, lack of
requirements, and complete inattention paid to
average cases in the name of "Improved Security",
and "Generality" much of which was completely
illusory.
Mike