[Cryptography] Fast handling of IP Address changes for HTTPS

John Denker jsd at av8n.com
Mon Jan 1 14:08:44 EST 2018


On 12/31/2017 05:03 PM, Christian Huitema wrote in part:
>  static IP addresses are convenient when you want to run a server at
> home, but there is a downside. The static IP address is a pretty good
> unique identifier. It will be present in every web transaction, every
> email trace, every VOIP connection. Some of us consider that a huge
> privacy issue, and actually prefer services in which the ISP regularly
> renumbers the connection. Not that changing IP address is sufficient to
> keep your browsing private, but it is a necessary first step.

If you are running a server (at home or otherwise),
then in many cases the static IP is a feature not
a bug.

If you want people to be able to find your server,
then you have to have a DNS entry that points to
it ... and the DNS name has to be reasonably stable
over time.

 -- If reverse-DNS is working, every script kiddie
  can reverse your IP to find the DNS name, archive
  the name, and use that to identify you forever.

 -- Even if you think you have turned off reverse
  DNS, if you utter the server name in public,
  the big data companies will do a forward DNS
  lookup, match your IP address (whether static
  or not) and boom, all your traffic is identified.

 -- et cetera.

If you are serious about hiding, you need something
/at least/ as complicated as TOR (and I'm not 100%
sure how much I trust TOR).  Rotating your IP address
is barely even security theater.

===============

The same issue arises with mobile phones, only
much worse.

===============

The word "supercookie" is sometimes applied to this
problem.

If you want to have a server and some measure of
anonymity at the same time, that's called "dark
web" and requires advanced, specialized techniques.
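
The forward-lookup matching described in the message above, as an added example that is not part of the original post. The name, addresses and timestamps are constructed, and the code assumes each observed lookup result stays valid until the next one:

```python
from bisect import bisect_right

# Constructed data: periodic forward lookups of one published name, stored as
# (unix_time, address) sorted by time. Addresses are RFC 5737 documentation ranges.
RESOLUTIONS = {
    "home.example.org": [
        (1000, "192.0.2.10"),
        (2000, "198.51.100.7"),    # ISP renumbered the connection
        (3000, "203.0.113.99"),    # renumbered again
    ],
}

# Constructed traffic records held by the same observer: (unix_time, source address).
TRAFFIC = [
    (1200, "192.0.2.10"),
    (1900, "192.0.2.10"),
    (2100, "198.51.100.7"),
    (2500, "192.0.2.10"),      # old address, by now reassigned to someone else
    (3500, "203.0.113.99"),
    (3600, "198.51.100.200"),  # unrelated host
]

def address_at(history, when):
    """Address the name resolved to at time `when`, or None before the first lookup."""
    times = [t for t, _ in history]
    i = bisect_right(times, when) - 1
    return history[i][1] if i >= 0 else None

def attribute(traffic, resolutions):
    """Label each record with the name whose address it matched at that moment."""
    labelled = []
    for when, src in traffic:
        owner = next((name for name, history in resolutions.items()
                      if address_at(history, when) == src), None)
        labelled.append((when, src, owner))
    return labelled

def linked_addresses(labelled, name):
    """Every source address tied to one name despite the renumbering."""
    return sorted({src for _, src, owner in labelled if owner == name})

if __name__ == "__main__":
    for row in attribute(TRAFFIC, RESOLUTIONS):
        print(row)
```

All three rotated addresses end up under the one stable name, which is why renumbering alone does not unlink the traffic.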

