[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
mix minion meeting notes by Zooko and Nick
These are my notes that I took at the meeting, plus some more comments that
I thought of plus some comments from Nick. You've probably already received
this, but now it will enter the archives.
--Z
------- Forwarded Message
To: nickm@alum.mit.edu, arma@mit.edu, george.danezis@cl.cam.ac.uk,
dm@scs.cs.nyu.edu
From: Zooko <zooko@zooko.com>
Subject: Mix Minion meeting notes by Zooko (with Nick)
Date: Sat, 09 Mar 2002 14:52:38 -0800
*** goals (`o') and non-goals (`x')
o anonymity (as strong as we can make it)
o replies
o many nodes (and to that end, the following three:)
o good user interface
o reliability
o abuse/DoS-resistance
* no immortal packets
o can be observed, analyzed, for design feedback, science
o thorough design doc and justification
o specification so that others can write secure and compatible implementations
o simplicity and conservative techniques
o it is possible to build apps on top of the mixnet (they use the messaging
services programmatically)
o long-lived pseudonymous addresses
x very-low-latency, "synchronous" service
x eternity service
x backwards compatible with MixMaster
x choose your favorite symmetric cipher, etc.
x fancy, novel techniques
x extending the mixnet
* For anonymity we don't want heterogenous behavior within the mixnet.
* Zooko and Nick don't want the design to be complicated in pursuit of
"extensibility" or over-abstraction.
* Nick and Zooko think that the way to enable evolution of code base is to
keep it simple and let people patch it.
*** open issues
* HOW DOES THE USER LEARN ABOUT NODES AND CHOOSE TO USE THEM? How does the
user agent find out current encryption public keys for the chosen nodes? If
the user or his agent need to know something about the services offered by
nodes (such as whether they are "egress" SMTP servers or not), how does he
learn about that?
* David's dynamic-address-generator idea
* the trade-offs between single-reply-blocks-only vs. multiple-reply-blocks
The optional-multiple-reply-blocks feature has good (`+') and bad (`-')
consequences:
+ The user can receive asynchronous incoming mail without doing any of the
following:
1. "check for new mail"
2. leave a bunch of reply blocks out
3. let a daemon check for new mail for her
+ Nymservers can store a fixed amount of storage (one long-lived reply block)
per client, rather than storing either an amount of storage proportional to
the volume of incoming-and-not-yet-popped mail (in the case of popping) or
proportional to the expected number of incoming mail (in the case of a
bunch of single-use blocks).
+ The information about the timing of the user being connected to the
Internet and ready to receive mail is not exposed. (Other techniques such
as daemons or extra-slow messages might help.)
? but what happens when nymserver pushes mail but receiver is off-line?
? reliability
- If there are also one-use reply blocks then nodes can distinguish between
kinds of traffic.
- Multiple-reply blocks are more susceptible to the transitive rubberhose
attack.
- Multiple-reply blocks are more susceptible to replay attacks, in ways that
we do not fully understand.
- Multiple-reply blocks don't work with the "counter mode encrypt-or-decrypt"
trick, and deterministic padding generation. (Can this issue be patched?)
- Supporting multiple-reply blocks is more complex in other ways.
* timestamp vs. public key encryption key changeover for bounding the
replay-prevention buckets (this is mostly of interest to Zooko, who harbors a
pervasive hatred of timestamps...)
* Can there be a document called "How to write applications on top of MixMinion
without losing your anonymity For Dummies"?
* Nick's ideas for "Stuff that might be nice to get a write-up of":
* a record of ideas that we rejected and why
* "Why MixMinion?" (and why not MixMaster, Onions, Tarzan, Crowds)
------- End of Forwarded Message