
Re: Reply Blocks and Best-Before



On Tue, 2003-03-04 at 17:49, Peter Palfrader wrote:
> Hello,
> 
> the Mixminion spec includes a Use-by-Date field in a Single Use Reply
> Block.
> 
> Is this a good idea?
> 
> It allows to make a good guess on which nodes are not part of the chain
> (i.e. those that rotate their keys earlier than the expiry date).

In the presence of key rotation, I think you only have two choices:
include the expiration date, or let SURBs expire without letting their
users know when.  Sending a message using an expired SURB will cause
that message to be lost.  Thus, without expiration dates, SURB
generators will need to make SURBs as long-lived as possible (in case
repliers delay before using them).  Without expiration dates, repliers
would have less freedom with how they use SURBs, and generators would
have even fewer nodes to choose among when generating them.

Do you have a solution to the attack you mention?  It also exists when
*not* using SURBs; I can tell that users will only pick nodes from among
those not set to rotate their keys in a certain time interval.

> Additionally it allows to narrow down one node in the chain to the set
> of nodes to rotate their key on the expiry-date day.  If this is only
> one, then we probably know one node of the chain for sure.

If I understand what you're saying, this is not so.   Users choose an
expiry date *first* (default 7 days), and then the software chooses
among the acceptable nodes.  Even if the chosen path is in fact valid
for 30 days, the expiry date will be based on "7 days".

Perhaps making 7 days a requirement rather than a default could make
partitioning harder...

-- 
Nick Mathewson <nickm@alum.mit.edu>
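
The two ways of setting a SURB's use-by date discussed in this message, compared as an added example that is not part of the original e-mail and is not Mixminion's code. The directory, node names and key-validity dates are constructed, and `use_by_from_path` is a hypothetical scheme matching the concern in the quoted text.

```python
from datetime import date, timedelta

TODAY = date(2003, 3, 4)

# Constructed directory: node name -> last day its current key is valid.
DIRECTORY = {
    "nodeA": TODAY + timedelta(days=3),
    "nodeB": TODAY + timedelta(days=7),
    "nodeC": TODAY + timedelta(days=12),
    "nodeD": TODAY + timedelta(days=30),
    "nodeE": TODAY + timedelta(days=30),
}

def use_by_lifetime_first(today, lifetime_days=7):
    """Scheme described in the reply: the lifetime is chosen first,
    independently of which nodes end up on the path."""
    return today + timedelta(days=lifetime_days)

def use_by_from_path(directory, path):
    """Hypothetical alternative: use-by date is the earliest key
    rotation among the nodes actually on the path."""
    return min(directory[n] for n in path)

def acceptable_nodes(directory, use_by):
    """Nodes the generator may pick (assumption: a node is acceptable
    if its key stays valid through the use-by date)."""
    return sorted(n for n, end in directory.items() if end >= use_by)

def excluded_nodes(directory, use_by):
    """What anyone reading the use-by date can rule out: nodes that
    rotate their key before it."""
    return sorted(n for n, end in directory.items() if end < use_by)

def rotating_on(directory, use_by):
    """Nodes whose key ends exactly on the use-by date."""
    return sorted(n for n, end in directory.items() if end == use_by)

if __name__ == "__main__":
    path = ["nodeC", "nodeD"]  # constructed path
    fixed = use_by_lifetime_first(TODAY)
    derived = use_by_from_path(DIRECTORY, path)
    print("lifetime-first:", fixed, "excluded:", excluded_nodes(DIRECTORY, fixed),
          "rotating that day:", rotating_on(DIRECTORY, fixed))
    print("path-derived:  ", derived, "excluded:", excluded_nodes(DIRECTORY, derived),
          "rotating that day:", rotating_on(DIRECTORY, derived))
```

With the lifetime chosen first, the node rotating on the use-by date (`nodeB`) is not on the path at all, while the path-derived date singles out `nodeC`; in both cases nodes rotating earlier are excluded, which is the partitioning the first quoted paragraph describes.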