Hi Bob,

>Encryption without authentication is not ideal, but has benefits to me.
>Passive observers are a real concern for privacy, because we know they exist,
>and they are generally not detectable.

If we could really make the attack expensive for the attackers, then I agree with you. About the second sentence, check Andrew's message; I will answer him directly, since he classified everything and I agree with that classification but still have some arguments.

>- An active attacker requires more effort, and probably more computing power,
>Until a majority implements privacy, many passive observers will be content to
>observe the unencrypted traffic.

Not exactly. Computational expense is not related to the factor you mentioned here. If the attacker needed to attack the cryptographic algorithm used in this approach, then what you say here is quite correct. But the attacker does not need this.

>- An active attacker can be detected in many ways - I might notice that I get
>two replies to a query, I might notice that all my connections go to the
>single IP of the attacker's proxy, I might notice that a web site has a
>different IP than it did previously, etc.

Right, but that is if you are a professional user and not a general user. Professional users can also find, or already know, a way to secure themselves in an insecure environment.

> - In some settings (inside my company), an active attacker could be found and
> punished.

True. But in those companies, passive attackers can also be detected because of software inside their own computer.

Best,
Hosnieh

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
