
Re: SOI: identity protection and DOS



On Wed, 21 Nov 2001, Michael Thomas wrote:
>    ...My claim is that identity protection is
>    for the most part marginal given traffic
>    analysis and the "who's there" problem. 

That is indeed your claim; please note that not everyone agrees, and that
attempts to embed this claim into requirements will be contentious.  You
will be more likely to convince people if you avoid that. 

>    As such, the average case shouldn't suffer
>    because of it.

That is a plausible requirement.  Your specific proposed requirement said
rather more than that, and those unnecessary extras make it much more
contentious.  Making identity protection optional is not the only
conceivable way to prevent the average case from suffering.  If your wish
is that the average case should not suffer, many more people will agree
with you if your requirement says *exactly that* and no more. 

>    Whether IKEv2, JFK, or something else entirely
>    meets that requirement, is beside the point...

Not quite.  The existence of a proposal which appears to meet the
underlying "should not suffer" requirement, but does *not* meet the more
detailed requirement you actually proposed, should tell you that your
proposal was somehow flawed. 

                                                          Henry Spencer
                                                       henry@spsystems.net


