Re: SOI: identity protection and DOS

Michael Thomas <mat@cisco.com> Tue, 20 November 2001 20:27 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAKKRG822046; Tue, 20 Nov 2001 12:27:16 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id OAA13658 Tue, 20 Nov 2001 14:31:08 -0500 (EST)
From: Michael Thomas <mat@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <15354.45414.23171.182987@thomasm-u1.cisco.com>
Date: Tue, 20 Nov 2001 11:39:18 -0800
To: Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>
Cc: ipsec@lists.tislabs.com
Subject: Re: SOI: identity protection and DOS
In-Reply-To: <200111201845.NAA21833@bcn.East.Sun.COM>
References: <200111201845.NAA21833@bcn.East.Sun.COM>
X-Mailer: VM 6.72 under 21.1 (patch 6) "Big Bend" XEmacs Lucid
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Radia Perlman - Boston Center for Networking writes:
 > Derek said:
 > >>I happen to agree with Radia's point that you should try to protect
 > >>the initiator's identity before the responder's identity (which
 > >>implies the responder should authenticate to the initiator first).
 > 
 > Actually, Dan and Charlie changed my mind about that. The problem with
 > the responder revealing identity information first is that ANYONE can
 > initiate an IPsec connection to an IP address and find out who is there
 > without ever divulging their identity.

   Ah. In other words, it should imitate real life
   conversations where the responder gets to say 
   "who's there?" rather than the initiator.
 
 > If it's the initiator that reveals identity first then the only threat is
 > from an active attacker impersonating the responder's IP address and lying
 > in wait. (the initiator's ID is hidden from an eavesdropper and revealed
 > only to whatever is sitting at the IP address the initiator connected to).
 > If it's the responder that reveals identity first, then (assuming
 > it's not a strict client/server model where the nodes that need identity
 > protection never respond to IPsec connect initiates and only initiate
 > them) it is trivial to find out who is at an IP address.

   Which means that you're forced into a full round
   trip first to protect the initiator's identity. This
   is precisely why I think that identity
   protection should be an optional tradeoff of 
   SA establishment speed vs. privacy, especially
   since the privacy protection in a large number
   of cases is subject to simple traffic analysis
   guessing.

		Mike
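The three orderings argued over in this thread (identity in the first message, initiator reveals first, responder reveals first), modelled as an added toy example that is not code from the thread or from any IKE implementation. The node names, addresses, the abstraction of messages 1-2 as an unauthenticated DH exchange, and the message-number accounting are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    ip: str
    identity: Optional[str]        # None models an anonymous prober with nothing to present
    learned: set = field(default_factory=set)

def exchange(initiator, peer, ordering, eavesdropper):
    """Abstract handshake. Messages 1-2 are an unauthenticated DH exchange carrying no
    identities; later messages are encrypted under the DH key, so only the node that
    actually holds the peer's IP can read them. Returns the number of the message
    that carries the initiator's identity, or None if it is never sent."""
    for n in (initiator, peer, eavesdropper):
        n.learned.clear()
    eavesdropper.learned.update({initiator.ip, peer.ip})   # addresses are always visible
    if ordering == "id_in_first_message":
        if initiator.identity is None:
            return None                         # nothing to send, peer aborts
        eavesdropper.learned.add(initiator.identity)   # fastest, but no key exists yet
        peer.learned.add(initiator.identity)
        initiator.learned.add(peer.identity)
        return 1
    if ordering == "initiator_first":
        if initiator.identity is None:
            return None                         # peer aborts, reveals nothing to an anonymous party
        peer.learned.add(initiator.identity)    # message 3: only after one full round trip
        initiator.learned.add(peer.identity)    # message 4
        return 3
    if ordering == "responder_first":
        initiator.learned.add(peer.identity)    # message 3: responder names itself first
        if initiator.identity is None:
            return None                         # prober has what it came for and walks away
        peer.learned.add(initiator.identity)    # message 4
        return 4
    raise ValueError(ordering)

# Constructed sample nodes (assumed values, not from the thread).
eve = Node("192.0.2.250", "eavesdropper")           # sees the wire, never a party
gateway = Node("192.0.2.1", "CN=gateway.example")
alice = Node("192.0.2.9", "CN=alice")
prober = Node("192.0.2.7", None)                    # connects only to learn who is there
impostor = Node("192.0.2.1", "CN=impostor")         # squats on the gateway's IP, lying in wait

if __name__ == "__main__":
    for ordering in ("id_in_first_message", "initiator_first", "responder_first"):
        for who in (alice, prober):
            msg = exchange(who, gateway, ordering, eve)
            print(f"{ordering:20} from {who.ip:12} id in msg {msg}; eve saw "
                  f"{sorted(eve.learned - {who.ip, gateway.ip})}; gateway learned "
                  f"{sorted(gateway.learned)}; caller learned {sorted(who.learned)}")
```

Running it shows Radia's point (the anonymous prober learns the gateway's name under responder-first and gives up nothing) and Mike's (initiator-first keeps the name off the wire but only by spending the DH round trip before message 3).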