
Re: SOI QUESTIONS: 2.1 Identity protection questions?



On Wed, Jun 19, 2002 at 01:42:29AM -0400, Michael Richardson wrote:
>   Initiator and Responder refers to who sends the first keying message.
> 
>   Client and Server refers to who is active and who is passive in their
> intent to communicate. The initiator is not always the client.
> 
>   We are VERY frequently dealing with cases where the client, having no
> preconceived policy, may well start communication with the server in the
> clear, and the server, having a policy will, initiate to the client in order
> to send its reply.

This is assuming your "opportunistic encryption" scenario, right?
This is why it would be useful to do a formal write up of the security
assumptions and requirements of your scenario.  

See the questions which I asked ari on this thread with respect to
assumptions about whether or not the "client" has a fixed IP address
or even a DNS server name, and what sort of naming assumptions which
you are making.

These sorts of questions are relatively well understood for the VPN
and road-warrior to corporate gateway scenarios.  But I believe that
they are not quite so well understood (or at least with everyone
having the same assumptions) for some of the other usage scenarios.

						- Ted