[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freehaven-dev] adversary capabilities

I just realized we should make something clear in our threat model : we
assume that adversaries have or potentially could have such things as

	* a list of all files in Free Haven, and their 
	associated public keys
	* a list of all servnet nodes and their public keys
	* a complete transcript of everything broadcast, ever

and other data which may be considered to be only "obscure." (what else is
there?) The reason for this is that there may be attacks which work,
"but you have to compare the file to every file in Free Haven" or
"you have to know everyone in the servnet." Because gathering the kind
of data necessary to do these kinds of attacks is not particularly hard,
just time consuming (and we don't know *how* time consuming), this means
that such attacks must be taken very seriously. 

I suppose that this seems obvious to most everyone reading this list, but
I think it still needs to be put in someplace. In particular, it might be
nice to clarify just what info exactly we expect to be "easy" for an
adversary to obtain.