[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comment on draft-ohta-multi6-threats-00.txt

To: Brian E Carpenter <brc@zurich.ibm.com>
Subject: Re: Comment on draft-ohta-multi6-threats-00.txt
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Tue, 20 Jan 2004 22:04:41 +0900
Cc: Multi6 <multi6@ops.ietf.org>
In-reply-to: <400D0DB0.5DB3FEF@zurich.ibm.com>
References: <400D0DB0.5DB3FEF@zurich.ibm.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Brian;

1.4. Privacy on Identification

  If transport layer protocols having new connection identification
  requires hosts having persisting identification information, it will
  be used to track the identify of the host, which is a new security
  threat.

What is the persistency of the identifier? For a single session, for a single
reboot, or indefinite?


It depens on proposals, though I think per session ID is rather
temporary than persistent.

If the identifier is created per session or per reboot, the privacy
threat seems unimportant.

Per session privacy is, of course, unimportant.

Another case where privacy is unimportant is per location change,
because you don't have location privacy.

But, if you use Unix, you should expect reboot once in every
several monthes or years that per reboot is very long.

Masataka Ohta

References:
- Comment on draft-ohta-multi6-threats-00.txt
  - From: Brian E Carpenter <brc@zurich.ibm.com>

Prev by Date: RE: threats ID
Next by Date: Re: threats ID
Previous by thread: Comment on draft-ohta-multi6-threats-00.txt
Index(es):
- Date
- Thread