
Re: Sending unique/recognizable remailer keys to suspect mixminion users



On Tue, 12 Aug 2003 18:17:00 +0200, Thomas J. Boschloo <t.j.boschloo@hccnet.nl> wrote:

[summarized: what to do, trust-wise, when a majority of directory servers is set up by an evil entity that starts to compete by blacklisting (losing traffic to and from) certain mixminion mailers in an attempt to control the whole network]


By now I have read the relevant parts in the mixminion pdf, and I see that
1) directory servers use /complete/ directories [pdf 6]
2) a threshold of directory servers will remain honest [pdf 4]

Honestly, I think 1) is undoable and that 2) is quite an assumption to make as I hopefully pointed out in my previous post. I must admit that I am not totally clear on the details of these directory servers though. Like how does a node advertise itself? And to which servers?

What I have witnessed in the years that I followed alt.privacy.anon-server, is that there seem to be individuals, or perhaps even organisations, that like to divide the existing mixmaster remailer network. It could even be some admins themselves, but that is just a wild and exaggerated opinion that I sometimes adhere to.

If mixminion aspires to become more popular than the current cypherpunk/mixmaster network that exists, such an adversary should not be ignored in the design phase (IMHO). Also, if it works, and because it is so much less flawed than cypherpunk, it will surely attract some big flies like the NSA which will want to read the info encrypted inside the network.

A thought I had today is the question if a situation where more than one entity tries to gain control over the network by the process of 1) incomplete/inaccurate directories, 2) making sure they control most of the directory servers + some mixminion nodes, I just wonder if it would be possible for two such entities, which would not know about each other, to cancel each other out.

To illustrate this thought, to the question if the NSA/FBI/CIA controlled some of the current mixmaster remailers, the answer in APA-S used to be that it didn't matter if they did, as long as you used some other remailers not controlled by them also (iow, long chains). I think that with the attack on my own protocol (which I still can't seem to solve comfortably), this becomes that the last remailer is not controlled by the TLA depending on how and how frequently you retrieve its keys (keyring on stats server/remailer-key request/download package defaults). Unfortunately you only get one chance to stay anonymous because if you fail, it will be all over in the more serious remailer use cases (like whistle-blowing against high officials in your government).

I hope I don't bore everybody to death with my posts,
Thomas J. Boschloo
Den Helder/Holland

[I am only now reading the post by Steve Crook in the draft: directory agreement in type iii thread, and must agree with him with his comment about controlling 51% of whatever, that is about the point that I am making here also]