[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[minion-cvs] Added comments on SURB encoding
Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/tmp/cvs-serv1205
Modified Files:
minion-spec.tex
Log Message:
Added comments on SURB encoding
Index: minion-spec.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-spec.tex,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- minion-spec.tex 14 Jun 2002 18:04:21 -0000 1.25
+++ minion-spec.tex 17 Jun 2002 02:30:24 -0000 1.26
@@ -479,14 +479,21 @@
Total: 54 bytes + Address Size + SURB size + Linked Data Size
* The magic marker contains the ASCII 4-byte string 'SURB'.
+ [ XXXX There should be a version number here. -NM ]
* Address: Contains the address of the first hop to which the message
encoded using this SURB should be sent to.
+ [ XXXX Won't the first hop always be a forward address? If so, then
+ we don't need the size marker: we only need an IP, port, and
+ keyid. If not, then we need a routing type as well. -NM ]
* Use-by-Date: indicated the expiry date the SURB should be used by. Can
be calculated using the key rotation frequencies of the intermediate
nodes.
+ [ XXXX Units? If we're too fine-grained, people may use this to
+ leak info. If we're too course-grained, we can't move to a
+ tighter schedule later on. -NM]
* SURB data: Containst the SURB that is created as described
- above. The Junk at the end can be ommited (although it is not wise
- to reduce it more than hoaf the size of a full SURB). When the SURB
+ above. The Junk at the end can be omited (although it is not wise
+ to reduce it more than half the size of a full SURB). When the SURB
is created some data can be bound to it to ensure that they cannot
be replaced by any malicious third party. To do this instead of
including junk at the end of the SURB one can include a hash of the
@@ -495,9 +502,19 @@
That hash is contained in the last 20 bytes of the SURB data.
* Filler: Used to prinme the stream cipher to pad the SURB data up to
128*16 bytes.
+
+ [ XXXX Why not just always include the junk? It'd be easier, and
+ omitting the junk never saves more than 1K per SURB. -NM]
+
* Linked Data: Additional data that might have to be linked with the
SURB.
+ [ XXXX Hm. What is the point of this? Leaving it free-form raises
+ issues of linkability. I suggest that rather than adding a
+ catch-all hook, we just embed SURBs when we want to embed them. -NM]
* The Digest is a Hash of all the other fields.
+ [ XXXX Why have a digest here? What is the risk? Anybody who can
+ tamper with a SURB can recompute the digest. -NM ]
+
The ASCII Encoding of SURBs.
@@ -507,6 +524,9 @@
ID: Base64 Encoding of the first 48 bits of the Digest (8 characters).
Base64 encoded binary SURB
--- END SURB ---
+
+[ XXXX This should absolutely have a version number. Again, what does
+ the digest defend against? -NM]
\section{Email Transport exchange format}