On 08/28/2003 04:26 PM, David Wagner wrote: > > Are you sure you understood the attack?
Are you sure you read my original note?
> The attack assumes that communications links are insecure.
I explicitly hypothesized that the links were encrypted. The cryptotext may be observed and its timing may be tampered with, but I assumed the attackers could not cut through the encryption to get at the plaintext.
> The *transmission* from Alice may adhere to a fixed schedule, but > that doesn't prevent the attacker from introducing delays into the > packets after transmission.
Fine. So far the timing doesn't tell us anything about the behavior of Alice, just the behavior of the attacker.
> For instance, suppose I want to find out who is viewing my web site. > I have a hunch that Alice is visiting my web site right this instant, > and I want to test that hunch. I delay Alice's outgoing packets, > and I check whether the incoming traffic to my web contains matching > delays.
I explicitly said that if some endpoints are not secure, Alice suffers some loss of privacy when communicating with such an endpoint. Here DAW is playing the role of attacker, and is mounting an attack that combined traffic analysis with much more powerful techniques; he is assuming he "owns" the endpoint or otherwise can see through the crypto into the plaintext.
Let us not confuse "traffic analysis" issues with "anonymity" issues.
I explicitly said that traffic analysis was not the only threat to be considered.
To say it another way: The US ambassador in Moscow is not trying to remain anonymous from the US ambassador in Riyadh; they just don't want the opposition to know if/when/how-often they talk.
I described a certain model based on certain hypotheses.
Many people have responded with attacks on different models, based on different hypotheses. Some have frankly admitted contradicting me without having bothered to read what I wrote. I'm not going to respond to any more of these ... except to say that they do not, as far as I can see, detract in any way from the points I was making.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]