Re: [freehaven-dev] a few things

[Roger Dingledine <arma@mit.edu>]

On Sun, Feb 20, 2000 at 11:49:19PM -0500, Nathan Mahn wrote:
> Other than that... as for the threat model, I don't really think I'm
> inclusive enough in my thinking (if that makes sense) to be good at coming
> up with the less obvious possibilities, but again correct me if that doesn't
> seem to make sense for creating a threat model.

Well, there are a huge number of possibilities which aren't the "less obvious"
ones. If we end up with 100 threats that we're thinking about, then the first
fifty will be ones we've already named on the mailing list or in the meetings,
and only the last fifty will require creativity or ingenuity to come up with
them. I think that if we're trying to come up with creative attacks without a
list of 'basic attacks', then it's going to be a huge task and nobody is going
to start.

So if we can start just gathering together a list of ideas as they show up,
this will make things much easier down the road.

I think our attacks can be divided into two categories: black box attacks are
the attacks on our ideas and paradigms, without being concerned about specific
design and implementation decisions we've made; glass box attacks are the
attacks which make use of our specific design and implementation choices.
I tried to list almost entirely black box attacks on the proposal.

--Roger