On 30/09/2013 18:35, Christian Huitema wrote:
...
> The current internet protocols and applications pay very little attention to
> traffic analysis. We should obviously take the easy steps, encrypt the DNS,
> e-mail and SIP connections. But when it comes to IP header analysis, we have
> pretty few solutions. VPN, of course, but that requires configuration. Could
> we change that?

Jon Crowcroft suggested a nice idea a few years ago, although for a different reason: sourceless network architecture (yes, a pun on SNA). Send packets with no source address, and you make the metadata much less useful. (Of course, if the packet is to get a reply, the source address needs to be encrypted in the payload.)

As a retro-fit, this is a bit tricky - you'd probably have to set a dummy source address, and that would have to be one that would not get filtered.

www.cl.cam.ac.uk/~jac22/talks/sna.ppt

Brian

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
