
RE: RESEND: Thoughts on identity attacks



Applaud? Huh? He sends a 100% buzzword compliant but completely content free
150 line post (which I snipped-- you're welcome) that didn't even have one
bit of specificity.

It's like auto designers debating whether a new car should have fold down
back seats to extend the trunk space and someone interrupts to explain
the life of a soccer mom and that what people really want in a new car is
safety and affordability. Oh, what an epiphany!

The problem isn't people intentionally designing unintuitive and complex
protocols (or intentionally designing unsafe and unaffordable cars) so
to extol the virtues of simplicity (or affordable and safe cars) is a waste.
It also derails the discussion before a range of opinions have been
expressed.

Back to the subject, OK?

I think protection against a passive attack is basically free in all these
protocols. And protecting against an active attack only protects one side. If
Alice's identity is hidden when talking to Bob then all Trudy has to do is
initiate a connection to Alice. "Ding dong" usually gets a response of
"who's there?" not "You've reached Alice." My vote is for protection
against passive attacks. No options to optionally expose Alice or Bob.

my 2 cents.

-- Bob Fontain

-----Original Message-----
From: Edward Wilkinson <ewilkinson@efficient.com>
To: "'Khaja E. Ahmed'" <khaja.ahmed@attbi.com>,
         Dan Harkins <dharkins@tibernian.com>,
         David Jablon <dpj@world.std.com>
Cc: ipsec@lists.tislabs.com
Subject: RE: RESEND: Thoughts on identity attacks 

  Khaja, I must applaud you. As a person that implements and
  supports this mass of security protocols I too believe that it is way too
  complicated for most people, and causes far too many interop problems.

  Ed


