Re: Lurkers: First draft: call for comments (was Re: Paper deadlines)

[Len Sassaman <rabbi@quickie.net>]

On 6 May 2002, Nick Mathewson wrote:

> Re-read the part about what TLS gets us; it's not there to prevent third
> parties from decrypting messages.  It's there for forward security
> against eavesdroppers who later compromise or subpoena nodes, IIUC.

Ah, of course. Though that would require the attacker both impersonate the
second remailer *and* be able to obtain the second remailer's true key at
some point in the future.

> > Should we add mention of remixing to 4.2? What about explicit mention of
> > link-level requirements (i.e., demands signing, etc.)?
>
> Roger and David are going to kick the batching rules around a bit; Roger
> mentioned putting something more tentative later in the paper.

Okay.

I can write up some of that and have it to you tomorrow morning, if you
like.

> > Hmm.
> >
> > Keeping hashes of all the headers received since the last key rotation
> > will cause the same problems as keeping an incredibly long id.log -- the
> > search time for the will damage performance of the system. We're looking
> > at moving id.log to a db hash presently. Should potential performance
> > problems be noted?
>
> I don't think so; the techniques for efficiently storing a large number
> of fixed-width values are sufficiently well known. (BTW, are you saying
> that the current systems do a linear search?)

Of an ASCII file, no less!