[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on MixMinion archives

To: <mixminion-dev@freehaven.net>
Subject: Re: Thoughts on MixMinion archives
From: Len Sassaman <rabbi@quickie.net>
Date: Tue, 23 Apr 2002 15:36:08 -0700 (PDT)
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Tue, 23 Apr 2002 18:36:12 -0400
In-Reply-To: <1019600266.964.45.camel@blinking-device.reputation.com>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

On 23 Apr 2002, Nick Mathewson wrote:

> Sorry -- I was suggesting that, if we got stuff right this time, we
> might make future systems backwards compatible with type III... not that
> we should keep types I and II alive forever.

Gotcha. Bram Cohen and I have discussed this a bit, with regard to the TLS
transport layer stuff. I'll write up what we came up with shortly.

Big things that Type IV remailers should do is: allow remailers to be
compensated for the messages they process, and be far more tolerant of
short-lived nodes.

You can check the cypherpunks archives for some ideas I had on a postage
stamp system that could also be used in conjunction with a system allowing
for independent user verification of remailer reliability and message
delivery. I'll go into this in more detail as well, if anyone is
interested.

>  [...]
> > > Sorry about the confusion--what you describe is the intended behavior of
> > > a SMTP delivery module.  The idea is to make all delivery methods into
> > > isolated modulres, to make the security of the core easier to examine.
> >
> > Okay, so this is a Mixminion specific architecture issue, which I don't
> > have to worry about.
>
> Well, it touches the spec a little too.  The idea is to have a notion of
> "payload type" in the spec, so that experimental extensions can be
> isolated from the spec proper.
>
> The spec will need to say things of the form, "When you receive a
> message of type SMTP, you need to extract an email address like this and
> a message body like that, and send them along via SMTP--either via an
> MTA or manually."

Okay, so we're actually saying the same things and just not realizing it.
Good. :)

>  [...]
> > Agreed. This also brings up the sticky question of extensibility. Ideally,
> > we'll permit no extensions that would fragment the anonymity set. However,
> > if we don't specify a method for specifying additional features/
> > capabilities, they will happen ad-hoc.
>
> Indeed.  Also, extensibility allows us to phase new delivery and
> forwarding strategies into the system _without_ breaking backwards
> compatibility.
>
> There's no way we can prevent people from wilfully adding stupid
> extensions to the system.  We should just practice good design
> ourselves, make sure that our design docs explain how to do so, and
> encourage others to follow along.  I bet that anybody with enough hubris
> to ignore our advice has enough hubris to hack an incompatible, ad-hoc
> extension mechanism onto our code anyway. :)

Agreed.

References:
- Re: Thoughts on MixMinion archives
  - From: Nick Mathewson <nickm@alum.mit.edu>

Prev by Date: Re: non-SMTP uses (was: Thoughts on MixMinion archives)
Next by Date: Re: Forward and reply messages
Prev by thread: Re: Thoughts on MixMinion archives
Next by thread: Replay attacks (was Re: Thoughts on MixMinion archives)
Index(es):
- Date
- Thread