On Mar 27, 2009, at 4:01 PM, Matthew Kaufman wrote:
A) Then don't use localization for such a sensitive application!
This application you describe views the network as an opponent, so
you aren't going to want to use external localization services at
all! Period. Because just the ACT of querying tells the
localization service information, as well as node information, and
a bunch of others.
This is what developers should do, yes. But in some cases they want
to make a tradeoff between more security and getting the locality
data. This is 2009... why there are *any* protocols being deployed
that don't have encryption, authentication, anti-tamper, etc. I
don't understand.
Privacy vs data INTEGRITY are different things. I dont' understand
why there isn't universal data integrity on all the data. It should
be in the transport layer, IMO.
B) An ISP vantage point doesn't just see one node, but a boatload
of nodes.
True.
My argument however is you are at a middle ground on privacy that
is ALMOST useless: active attackers and ISP level monitoring can
rip through so much of the privacy at the level you describe.
That such an application can't use a localization service is, to my
mind, a small loss: such applications shouldn't really exist
anyway because most of the privacy preserving is an illusion.
You may be right. However, developers have requested the ability to
use locality awareness without transmitting large lists of addresses
as plaintext. I can see their point, given my above comment about
development of highly insecure protocols for today's Internet.
Just because they are your customers doesn't mean they are right: I
would not want to compromise localization (especially once caching
gets introduced) in the name of a privacy protection that doesn't
really exist.
Additionally, you CAN'T do localization comparison without knowing
which points to compare. Again, privacy can't work in that case.
_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
