[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Servers Should Use a Secure Mix Algorithm



Hi

--On Donnerstag, 2. März 2006 08:46 +0000 Colin Tuckley
<colin@xxxxxxxxxxx> wrote:

> 1) Mixminion *is* still in alpha, there is a lot of testing going on and
> having the timed algorithm made that easier/quicker.

I don't do any testing with sumatra and if someone does testing where the
algorithm is a real problem, he can simply leave sumatra out.
 
> 2) Using a "real" algorithm might make people think the system is secure.
> We shouldn't be encouraging that while we call the software "alpha". If
> Nick thinks it's time for real algorithms then it's also time for the
> software to be Beta. (Comments Nick?)

You're proposing a user that has enough knowledge to know about the
different algorithms, finds out which algorithm is used and still is stupid
enough to (a) trust Mixminion to deliver very sensitive messages and (b)
not notice and/or diregard the "not secure" warnings.

That's nothing I worry about, but I respect your point of view, of course.
 
> 3) The system is *not* reliable at the moment, for those of us trying to
> track down bugs this makes it worse. The NymBaron team for instance would
> really prefer a timed mix as it makes their testing faster.

Okay, that's a reason. I'll think about it.

> See my miniontest results at http://www.cside.dyndns.org/minion.html for
> an example of how this change is affecting the system.
 
> If you want to help with testing then please consider running miniontest
> to give the system a better workout.

Hm, okay, I'll look into it.

Thomas

Attachment: p7sniXT5sjt1S.p7s
Description: S/MIME cryptographic signature