[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[minion-cvs] Added comments on SURB encoding

To: mixminion-cvs@freehaven.net
Subject: [minion-cvs] Added comments on SURB encoding
From: nickm@seul.org (Nick Mathewson)
Date: Sun, 16 Jun 2002 22:30:27 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: mixminion-cvs-outgoing@seul.org
Delivered-To: mixminion-cvs@seul.org
Delivery-Date: Sun, 16 Jun 2002 22:30:27 -0400
Reply-To: mixminion-cvs@freehaven.net
Sender: owner-mixminion-cvs@freehaven.net

Update of /home/minion/cvsroot/doc
In directory moria.seul.org:/tmp/cvs-serv1205

Modified Files:
	minion-spec.tex 
Log Message:
Added comments on SURB encoding

Index: minion-spec.tex
===================================================================
RCS file: /home/minion/cvsroot/doc/minion-spec.tex,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- minion-spec.tex	14 Jun 2002 18:04:21 -0000	1.25
+++ minion-spec.tex	17 Jun 2002 02:30:24 -0000	1.26
@@ -479,14 +479,21 @@
 Total: 54 bytes + Address Size + SURB size + Linked Data Size
 
 * The magic marker contains the ASCII 4-byte string 'SURB'. 
+   [ XXXX There should be a version number here. -NM ]
 * Address: Contains the address of the first hop to which the message
   encoded using this SURB should be sent to.
+   [ XXXX Won't the first hop always be a forward address?  If so, then
+     we don't need the size marker: we only need an IP, port, and
+     keyid.  If not, then we need a routing type as well. -NM ]
 * Use-by-Date: indicated the expiry date the SURB should be used by. Can
   be calculated using the key rotation frequencies of the intermediate
   nodes.
+   [ XXXX Units? If we're too fine-grained, people may use this to
+     leak info.  If we're too course-grained, we can't move to a
+     tighter schedule later on.  -NM]
 * SURB data: Containst the SURB that is created as described
-  above. The Junk at the end can be ommited (although it is not wise
-  to reduce it more than hoaf the size of a full SURB). When the SURB
+  above. The Junk at the end can be omited (although it is not wise
+  to reduce it more than half the size of a full SURB). When the SURB
   is created some data can be bound to it to ensure that they cannot
   be replaced by any malicious third party. To do this instead of 
   including junk at the end of the SURB one can include a hash of the
@@ -495,9 +502,19 @@
   That hash is contained in the last 20 bytes of the SURB data.
 * Filler: Used to prinme the stream cipher to pad the SURB data up to
   128*16 bytes.
+
+    [ XXXX Why not just always include the junk?  It'd be easier, and
+       omitting the junk never saves more than 1K per SURB. -NM]
+
 * Linked Data: Additional data that might have to be linked with the 
   SURB.
+    [ XXXX Hm.  What is the point of this? Leaving it free-form raises
+      issues of linkability.  I suggest that rather than adding a
+      catch-all hook, we just embed SURBs when we want to embed them. -NM]
 * The Digest is a Hash of all the other fields.
+    [ XXXX Why have a digest here?  What is the risk?  Anybody who can
+       tamper with a SURB can recompute the digest.  -NM ]
+
 
 The ASCII Encoding of SURBs.
 
@@ -507,6 +524,9 @@
 ID: Base64 Encoding of the first 48 bits of the Digest (8 characters).
 Base64 encoded binary SURB 
 --- END SURB ---
+
+[ XXXX This should absolutely have a version number.  Again, what does
+  the digest defend against? -NM]
 
 \section{Email Transport exchange format}

Prev by Date: [minion-cvs] Added the binary formats for EMAIL and SURBS.
Next by Date: [minion-cvs] another round of overall comments and patches
Prev by thread: [minion-cvs] Added the binary formats for EMAIL and SURBS.
Next by thread: [minion-cvs] another round of overall comments and patches
Index(es):
- Date
- Thread