Hello again Dean, On 9 December 2012 17:55, Dean Willis <[email protected]> wrote: > A couple of years back we had some discussion about the need to design IETF > protocols to be DPI resistant. One principle that I think should guide our > efforts is that not only should each protocol be itself DPI resistant, but > it should deliberately assist other protocols in being DPI resistant.
Interesting topic. We worked closely with a company who also provides DPI equipment once upon a time. It proved difficult for me to think how to address the DPI threat, especially long term. > With the ITU insisting on designing deep packet inspection into the network > at the behest of dictators, tyrants, and thugs at various levels of > political regimes, perhaps we're ready to reconsider? Is it even possible to beat DPI? (given the probable mousetrap improvement cycle) > it works for schools of fish, and it should work for flocks of packets. Indeed, so beating DPI means altering the majority of packet flow to use a camouflage technique? I've thought years ago about a "state explosion" and "cover traffic" approach. So the majority of traffic should be in encrypted form, providing cover. How realistic is that unfortunately? You could possibly overload hardware that operates at wirespeed by increasing state. Thus two people communicating over the years should preserve state and use that. -johan. _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
