Re: Forward and reply messages

[Roger Dingledine <arma@mit.edu>]

On Wed, Apr 24, 2002 at 08:26:12PM -0400, Roger Dingledine wrote:
> So if this defense works, then we're actually not wasting *any* hops
> when anonymizing mail to reply blocks.

While I'm defending swap, and now that I've shown we don't waste any hops
on replies or on anonymized replies, let me tell you why we don't waste
(m)any hops on forward-only mails.

Since the crossover point obliterates the remainder of the path if the
message has been tagged, then we need to hide our source in the first
leg of the path (if it hasn't been tagged we succeed, and if it has
been tagged then it's just like the adversary killed the message). The
second leg is just there so we can have a crossover point and prevent
whole-path tagging. So the second leg can be real short. Like, a hop.

> (But you're right -- if Alice sends 10 anonymized mails to Bob's reply
> path, and Bob tags 5 of them when they leave Alice, and Bob owns his
> reply path and Alice uses the same route to anonymize herself and Bob
> owns the end of the route she chooses, then Bob will see that 5 incoming
> messages are garbled and 5 go to his reply path. That's scary -- scary in
> a way that we in the research community have never been able to quantify
> well. Hm. Perhaps this is a strong argument against using the same path
> for multiple messages. Bleah. What do others think here?)

...But this attack still works, and indeed is magnified now that the
second leg is trivial to break.

George?

--Roger