
Re: Minion paper comments



Hi George,

   It's a very interesting point, and clearly I missed it.  A concern
that I have is that Mixminion is introducing lots of new and
interesting ideas, and that may contradict one of the early design
goals.

   I think it's probably worth discussing in the paper the tension
between "just fix the broken bits and document" and "replace type 1."

   A few more comments intra.

On Mon, Jan 27, 2003 at 11:03:27AM -0500, George Danezis wrote:
| Dear Adam & all,
| 
| To start with I would like to thank Adam for the comments. Every time I 
| leave the paper and the spec I feel they are perfect and every time someone 
| looks at it they prove to me again that it needs loads of work.
| 
| I am the one that has introduced this notation and I would like to explain 
| myself. 
| 
| > > In section IV.A, you confuse anonymity (without a name) with
| > > pseudonymity.  In "1", if Alice is anonymous, it's (A)^x_i, not (A)^X.
| > > In 3, Alice and Bob remain pseudonymous for their conversation.
| > 
| > Hrm. Our notation seems all screwed up here, doesn't it. Certainly the
| > messages that use reply blocks should be using ^y_i, since there's no
| > such thing as a multi-use reply block. And I agree -- I don't understand
| > the notion of "Alice communicating anonymously with a pseudonym". The
| > Mixminion network provides forward anonymity, meaning I guess (A),
| > and Alice can choose to sign her messages with some key (pseudonym)
| > that persists between messages.
| 
| Everything inside the parentheses in (A)^x, namely the identity of
| Alice, is not known to anyone if the network has not been attacked
| successfully. Now, (A)^x is a transient identity, even if it is only used 
| once (as in the case of a single forward message). Now the transient 
| identity (A)^x might want to have a persistent relationship with someone 
| else, and therefore include MANY reply blocks in a forward message, for 
| example: 
| 
| (A)^x -> B: M, (A)^x_1 ... (A)^x_n
| 
| Now this is not pseudonymity as we usually understand it since nothing 
| links the SURBs except the fact that they are all sent by (A)^x. If this 
| was not the case they would indeed be unlinkable.
| 
| Of course digital signatures could be used to link them together or even
| link different conversations together in a non-repudiable manner. But in
| this case this is not the objective at all. In introducing this notation I
| wanted to keep in people's minds that their transactions can be pseudonymous
| even if they do not explicitly use pseudonyms (just by the linking 
| that the same message provides).
| 
| Maybe we should clarify or otherwise change the notation.

I think that clarification is the right thing.  (A)^x is a pseudonym,
and should be referred to as such.  I think my confusion came from
thinking that the set of (A)^x_i were not linkable.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume