>>>>> "Bjoern" == Bjoern Hoehrmann <derhoermi@xxxxxxx> writes:
Bjoern> I do not really read this in Stephen Farrell's response and
Bjoern> I am not in fact sure what you
Bjoern> mean. <draft-farrell-perpass-attack-02.txt>, for all I can
Bjoern> tell, is telling us that Google Analytics is an attack. The
Bjoern> above sounds more like it would not be okay for the IETF to
Bjoern> design some onion routing protocol without considering an
Bjoern> adversary that can see the raw bits of 99% of publicly
Bjoern> routed IP packets and analyse them in real time. --
So, our threat model has included passive monitoring basically since we
first wrote it down.
To me, the interesting changes here are that:
1) The probability of passive monitoring approaches 1. We know it's
happening which is a stronger statement than we know it may happen or we
know it sometimes happens.
(I'm not saying it's happening everywhere on every link all the time)
2) We know people are collecting data at multiple points and putting
it together.
So, if a request into a system generates a request out of a system to
another party, it's reasonable to assume attackers will be trying to
corrilate the events.