[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freehaven-dev] Mixminion anonymous remailer enters alpha



Mixminion is a design and implementation effort to build an improved
and documented mix network for the Internet. We have a design document
describing our intuition and the start of a security argument; a
specification (in progress) with byte-level details of how to implement
a Type III (Mixminion-compatible) remailer; and a working alpha that
implements a subset of the spec.

Please check it out at http://mixminion.net/ and let us know what you
think. Below I've included the latest release notes.

Thanks,
--Roger

==============================================================================
This is Mixminion version 0.0.2.1.

CONTENTS:
        I.    Overview
        II.   What's new in this version
        III.  How to upgrade
        IV.   How to install
        V.    How to send messages
        VI.   How to run a server
        VII.  How to report bugs and suggestions
        VIII. Future interoperability
        IX.   How to contribute

I. OVERVIEW
===========

Mixminion is the standard implementation of the Type III anonymous remailer
protocol, which lets you send very anonymous email.  This best-of-breed
remailer uses conservative design approaches to provide security against most
known attacks.  We chose a simple, extensible design so that we can provide a
robust core system and then experiment with new research features such as
dummy policies, directory servers, and reputation systems.

You can find the latest information at http://mixminion.net/, or on the
mailing list, archived at http://archives.seul.org/mixminion/dev/.  Please
consider subscribing, especially if you're going to run a node.

This is a testing alpha release.  You will probably only want to use it if
you are technically inclined, curious, and interested in helping the
Mixminion development effort.

WARNING!  Do NOT use this release if you require strong anonymity.  It has
known deficiencies, including some that make it possible for an adversary
to trace your message through the system.

II. WHAT'S NEW IN THIS VERSION?
===============================

NEW IN VERSION 0.0.2.1:
   - BUGFIX: A nasty bug is fixed that could, under just the right
     circumstances, send the server into an infinite loop and fill up your
     hard drive.  If you're running a server, you *should* upgrade.
   - Server log messages are more reasonably structured.
   - setup.py is more clever about half-installed Python.
   - "list-servers" now supports the same directory-download options as
     does "send".

NEW IN VERSION 0.0.2:
   - A real SMTP exit module to relay messages via a local MTA.  Blacklisting
     is supported by address, by username, by host, by entire domain, and
     by regular expression.
   - Integrated directory support for clients.
   - Automatic path selection, along with a better user interface to specify
     paths.
   - You can now enable Cottrell (DynamicPool) and Binomial Dynamic Pool
     batching, though they are disabled by default to make the system more
     testable.
   - Servers resist certain trivial DoS attacks more strongly.  In
     particular, you should no longer be able to send zlib bombs or flood a
     server with open connections.
   - Clean build process under FreeBSD.
   - Ability to run server as a daemon.
   - Slightly better documentation and error messages.
   - Better resistance to newline corruption of server descriptors.
   - Other bugfixes and performance improvements too numerous to mention.

NEW IN VERSION 0.0.1:
   - You can run a rudimentary server that can deliver to other Mixminion
     servers, that can use Mixmaster to deliver to any external address,
     or that sends SMTP directly to a preconfigured set of addresses.
   - You can send anonymous email via these servers.

STILL NOT IN THIS VERSION:
   - There is no client interface for sending replies or generating reply
     blocks (the code is written but not exposed).
   - We could use some man pages.
   - IP-based restrictions don't work.
   - No automatic key generation or server publication.
   - No support for distributed directories.
   - MMTP does not exactly follow the specification yet.
   - Other stuff too numerous to mention; see TODO.

III. HOW TO UPGRADE FROM MIXMINION 0.0.1
========================================

Just follow the installation instructions below. :)

Be aware that the client command line has changed significantly since version
0.0.1, and there are important new options in the server configuration file.

IV. HOW TO INSTALL MIXMINION
============================

The quick version.
------------------
  <download and unpack http://www.mixminion.net/dist/Mixminion-0.0.2.1.tar.gz>

  % cd Mixminion-0.0.2.1
  % make download-openssl
  % make build-openssl
  % make
  % make test
 EITHER:
    % su
    Password:
    # make install
 OR:
    % make install PREFIX=~

The verbose version.
--------------------

  1) You must have Python version 2.0 or later installed on your system.  The
     binary may be called "python", "python2", "python2.X", or something else.
     If you don't have Python >=v2.0, go install it.  You can find source and
     binary distributions at http://www.python.org/.

  2) If you have OpenSSL version 0.9.7beta3 or later, go to step 4.
     Otherwise, continue.

  3) Run "make download-openssl".

  4) Run "make build-openssl".  If this step fails, OpenSSL didn't build
     correctly on your system.  Go read contrib/openssl/INSTALL, and make
     OpenSSL build.

  5) Run "make".  If you get any errors, please report them to
     <nickm@freehaven.net>.

  6) Run "make test" to run Mixminion's unit tests.  If you get any errors,
     please report them to <nickm@freehaven.net>.

  7) Run "make install" to install Mixminion.  You may need to be root to
     execute this command.  By default, Mixminion will install itself relative
     to your python distribution.  If you want to install somewhere else (e.g.
     /home/miniond/), run "make install PREFIX=/home/miniond".

     A script called "mixminion" will be created in the 'bin' directory
     relative to your prefix, or in the same directory as the python
     executable if no prefix is provided.  To make sure that everything was
     installed correctly, you can run "mixminion unittests".

V. HOW TO SEND MESSAGES VIA MIXMINION
=====================================

Just run one of the following command lines:

        mixminion send -t <email address> -i <filename to send>
    OR  mixminion send -t <email address>            (to read from stdin)
    OR  mixminion send -t <email address> -i -       (also reads from stdin)

Mixminion will then take the following steps:

     A) Download and validate the latest server directory.
        (But only if you haven't done so since midnight GMT.)
     B) Select a path that ends at a server with SMTP support.
        (Currently, this defaults to 4 hops.)
     C) Read your message.
     D) Construct a Type III Mix packet containing your message.
        (For more information, see the links at http://www.mixminion.net/)
     E) Send the message to the first server in your path.

To see a list of currently known servers, type:

      mixminion list-servers

To force a reload of the server directory, type:

      mixminion send -t <address> [-i <file>] -D yes

To send a message _without_ reloading the directory, type:

      mixminion send -t <address> [-i <file>] -D no

To reload the directory without sending a message, type:

        mixminion send -D yes
     OR mixminion update-servers

To force a path of a given length, type:

      mixminion send -t <address> [-i <file>] -H <number of hops>

      You can change the default by editing ~/.mixminionrc

To specify a path manually, type:

      mixminion send -t <address> [-i <file>] -P <path>

      The argument <path> must be a comma separated list of either:
          (a) Server nicknames as given by 'list-servers'
          (b) Paths to files containing server descriptors [more info below]

      For example, to send a message through the servers Foo, Bar, Baz, and
      Quux, you would type "-P Foo,Bar,Baz,Quux."

      If you only care about the servers at the beginning or end of your
      path, you can include a wildcard, like this:

             -P 'Foo,*'           [Path that starts with Foo]
             -P '*,Foo'           [Path that ends with Foo]
             -P 'Foo,Bar,*,Quux'  [Path that starts with Foo and Bar,
                                   and ends with Quux]

      {ADVANCED} By default, the swap point will be halfway through
      the path (rounding up). To specify a swap point explicitly, use
      a colon in your path, as in:
             -P 'Foo,Bar:Baz,Quux'    [Swap headers at server Bar]
             --swap-at=<n>            [Swap headers at the n'th server]
      If you don't know what a swap point is, don't worry. :)

To send a dummy message, specify "drop" instead of an email address, as in:

      mixminion send -t drop
      mixminion send -t drop -P '*,Foo'
      mixminion send -t drop -H 8


If you need to use a proxy server to use the web you can specify it using the
http_proxy environment variable:

      export http_proxy=http://proxy:3128/
      mixminion send -D yes


VI. HOW TO RUN YOUR OWN MIXMINION SERVER
========================================

1) Create a copy of the "etc/mixminiond.conf" file from the
   mixminion distribution and place it where you like.  Mixminion will
   automatically look in ~/.mixminiond.conf, ~/etc/mixminiond.conf, and
   /etc/mixminiond.conf.  However, you can store it anywhere.

2) Edit mixminiond.conf to reflect your own system settings.

3) Run your server for the first time:

        "mixminion server -f <path to mixminiond.conf>"

    (The -f flag and path is only necessary if you placed the
    configuration file somehwere other than ~/.mixminiond.conf,
    ~/etc/mixminiond.conf, or /etc/mixminiond.conf.)

5) To try out your server, clients will need a copy of your server
   descriptor, which should be stored in $SERVER_HOME/keys/key_*/ServerDesc.

   For example, if your mixminiond.conf contains the following line:

           Homedir: /home/mixminion/spool

   Then your first server descriptor will be stored in:

           "/home/mixminion/spool/keys/key_0001/ServerDesc".

   Mixminion supports a global directory of server descriptors.  Until you
   are listed in that directory, clients can import your ServerDesc file
   (if they have a copy) by hand by running:

           mixminion import-server <filename>

6) When you're ready to advertise your server, email your server descriptor
   (PGP-signed, if possible) to <nickm@freehaven.net>.  I'll try out your
   server for a while and then add it to the directory.

   WARNING: We don't have statistics yet, so the system isn't robust in
   the presence of unreliable servers in the directory.  Please let me
   know if you're going to take down a server, and please don't publish a
   server if you don't think you can keep it up for a good while.

   {This step will be more automated in later versions.}

VII. HOW TO REPORT BUGS AND SUGGEST NEW FEATURES
================================================

Just email <nickm@freehaven.net>.

For help in debugging, please try to send a copy of:
        * What command you were running
        * The complete error you got, including stack trace (if any)

If your error occurred on a running server, please make a copy of your
log--it might be helpful.

VIII. FUTURE INTEROPERABILITY
=============================

Mixminion is not yet feature complete.  As the software moves closer to
official release, backwards-incompatible changes *WILL* be introduced.
Future versions of Mixminion, including future versions in the 0.x track, may
reject messages from older versions as additional security features are
added.

Furthermore, the present preview versions include necessary diagnostic
features that potentially compromise anonymity and would be inappropriate in
a production system; these features will be removed or disabled by 1.0.

IX. HOW TO CONTRIBUTE
=====================

Send patches to <nickm@freehaven.net>.  If you can, please submit unified
diffs against the latest version of the code in CVS.

Make sure to run 'make test' before you send in any patches, so you can see
whether your patch broke existing code.  (It's okay if you're not sure how to
fix the test, but please let me know when you send your patch.)
==============================================================================