anonymous IP terminology (Re: [anonsec] Re: potential new IETF WG

Adam Back adam at cypherspace.org
Sat Sep 11 10:49:23 PDT 2004


on anonymous IPSec (fwd from hal at finney.org))
User-Agent: Mutt/1.4.1i
Sender: owner-cryptography at metzdowd.com

Joe Touch <touch at ISI.EDU> wrote:
> >The point has nothing to do with anonymity;
>
> The last one, agreed. But the primary assumption is that we can avoid a
> lot of infrastructure and impediment to deployment by treating an
> ongoing conversation as a reason to trust an endpoint, rather than a
> third-party identification. Although anonymous access is not the primary
> goal, it is a feature of the solution.

Joe:

I respectfully request that you call this something other than
"anonymous".  It is quite confusing and misleading.

Some people have spent quite a bit of time and effort in fact working
on anonymous IP and anonymous/pseudonymous transports.

For example at ZKS we worked on an anonymous/pseudonymous IP product
(which means cryptographically hiding the souce IP address from the
end-site).

There are some new open source anonymous IP projects.


Your proposal, which may indeed have some merit in simplifying key
management, has _nothing_ to do with anonymous IP.  Your overloading
of the established term will dilute the correct meaning.

Zooko provided the correct term and provided references:
"opportunistic encryption".  It sounds to have similar objectives to
what John had called opportunistic encryption and tried to do with
freeSWAN.  Lowever level terms may be unauthenticated as Hal
suggested.  Or non-certified key management (as the SSH cacheing of
previously before seen IP <-> key bindings and warnings when they
change).

> Although anonymous access is not the primary goal, it is a feature
> of the solution.

The access is _not_ anonymous.  The originator's IP, ISP call traces,
phone access records will be all over it and associated audit logs.

The distinguishing feature of anonymous is that not only is your name
not associated with the connection but there is no PII (personally
identifiable information) associated with it or obtainable from logs
kept.

And to be clear also anonymous means unlinkable anonymous across
multiple connections (which SSH type of authentication would not be)
and linkable anonymous means some observable linkage exists between
sessions which come from the same source (though no PII), and
pseudonymous means same as linkable anonymous plus association to a
persistent pseudonym.

Again there are actually cryptographic protcols for_ having anonymous
authentication: ZKPs, multi-show unlinkable credentials, and
refreshable (and so unlinkable) single-show credentials.

Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'





More information about the cypherpunks-legacy mailing list