Re: [freehaven-dev] 2/25/2001 meeting notes

[dmolnar <dmolnar@hcs.harvard.edu>]

> Roger Dingledine wrote:
> > david molnar doesn't like client-picked paths.
> 
> Why not?

* A client-picked path allows an evil client to set up a MIX. 
  That is, the adversary can pick a path with n-1 MIXes belonging to it
  and 1 mix not. Then send something horrible through the path (e.g. 
  kiddie porn) and have the good MIX raided when it reaches that MIX.
  The adversary is protected against retribution by the MIX because its
  identity is unknown.

* Client-picked paths allow clients to selectively deny service - a client
  can send many many messages through the same MIX via different paths to
  load the MIX. The MIX has no idea this flooding is from the same client. 
  This has bad implications in a system where you CAN pick your own paths
  but MOST people use a default of picking "least congested" paths. 

* A client can conspire with a MIX to mark MIX packets travelling through
  the network. Client-picked paths give the client complete control over
  where these compromised MIXes appear in a route. Another way of putting
  it is that client-picked paths give the clients the ability to purposely
  fail in the protocol. 


> 
> > 5) Mixnet accountability paper. We didn't really get to this in the
> > meeting time; we'll cover it over email.
> 
> Did you tape the meeting?

We taped part of it (the first 90 minutes). I have the tape; I don't think
I have the necessary cable. I can get that from Radio Shack sometime this
week. Unless Roger or Mike would prefer to do it.

-David