XPost: comp.dcom.lans.ethernet   
   From: redelm@ev1.net.invalid   
      
   In comp.dcom.lans.ethernet Morten Reistad wrote in part:   
   > Robert Redelmeier wrote:   
   >>The nice thing about IPv4 is it _has_ all this DHCP and NAT.   
   >>It is difficult to identify any particular user, and impossible   
   >>once logs expire (1wk-2yr). With IPv6, it would be possible   
   >>for anyone to do so, and long after the fact.   
   >   
   > This is purely "anonymity by obscurity". If we really want an   
   > anonymous service we have to use tor-like techniques; and then   
   > we need more addresses for it to resist attacks.   
   >   
   > "security by obscurity" does not work, nor does it provide   
   > anonymity.   
      
   I disagree with this meme. There is no absolute security or   
   anonymity by _any_ means. All can be penetrated by sufficiently   
   advanced countermeasures. Security is a continuum, not discrete.   
   The point is to elevate the cost of the attack such that it is   
   not in widespread use, especially long after the fact.   
      
   I have no particular problem with law enforcement violating security   
   or anonymity, preferably with probable cause under the supervision   
   of some court. But if not, simply making it difficult will achieve   
   much the same ends. If it is difficult, even the most nefarious   
   police will have trouble doing much.   
      
   In this sense the horrible mixup that is DHCP and NAT are   
   useful obscurants. Furthermore, they are pretty much obligatory   
   under IPv4. Under IPv6, an interventionist government (who else   
   controls the police?) could easily ban all the privacy extensions   
   and refuse to pass/flag packets with scrambled MACs.   
      
   Sorry about Tuba, but I don't think IPv6 is inevitable.   
   Newer-better does not always win. Blu-ray isn't so healthy.   
      
   -- Robert   
      