Feedback for mixminion specs
Dear All,
I have been using mixminion for the last few weeks and supervising an
implementation in C. I thought that I should share with you my thoughts
about some parts of the spec.
1) SURB length
I feel that the SURB block is very long, particularly in its Base64
format. I noticed this when I attach 2 SURBs in an anonymous email I am
sending. A suggestion I had come up with earlier in order to limit the
length of the SURBs is to include a random key with which the padding up
to 128*16 bytes can be generated. This way only 4*128 bytes + red tape
have to be included and the other generated by the sender. The problem of
course with this is about revealing the number of hops a reply block is
using. Hmmm...
2) SSL/TLS
Early in the design we have decided to go for SSL/TLS instead of designing
our own forward secure channel. Was this wise? As far as I have
experienced the MMTP code takes a third of the project (around 10 pages of
C code). The OpenSSL library takes ages to compile, and is seriously big!
The cryptographic algorithms we are using, except for MMTP, can be easily
found elsewhere (AES, SHA-1, PKCS#1 OAEP RSA and SIG). Finally it creates
licensing problems, and introduces bugs we cannot control.
The question is, and I realize it might be contentious: is it worth it?
Instead of just going into a mud fight (or flame war) I will design a
protocol that does everything that MMTP currently does to see how
complicated it would be, then feed back my opinions.
3) Judging the anonymity of the network
For the moment it is very difficult to assess the anonymity given by the
network. Maybe servers should advertise the amount of anonymity they
provide given some metric (and we have proposed one with Andrei in the
past). I will look at this problem and feed back...
Looking forward to your comments,
George
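
Added example, not part of the original message or of the Mixminion specification: a sketch of the compact-SURB idea from point 1, showing both the Base64 size saving and the hop-count leak the message worries about. The 16-byte key size, the key-then-hops layout and the use of SHAKE-256 as the padding generator are assumptions made for illustration, and the "red tape" fields are left out.

```python
import base64
import hashlib
import os

HEADER_LEN = 128 * 16  # full padded length given in the message
HOP_LEN = 128          # bytes per hop, from the "4*128 bytes" figure
KEY_LEN = 16           # assumed size of the random padding key


def make_compact(hop_blocks, pad_key):
    """Compact form: padding key followed by only the real per-hop blocks."""
    if len(pad_key) != KEY_LEN or any(len(b) != HOP_LEN for b in hop_blocks):
        raise ValueError("bad key or hop block size")
    if not 0 < len(hop_blocks) * HOP_LEN <= HEADER_LEN:
        raise ValueError("path does not fit in the header")
    return pad_key + b"".join(hop_blocks)


def expand(compact):
    """Sender side: regenerate the padding and rebuild the full-length block."""
    pad_key, real = compact[:KEY_LEN], compact[KEY_LEN:]
    if len(real) % HOP_LEN or not 0 < len(real) <= HEADER_LEN:
        raise ValueError("malformed compact SURB")
    # SHAKE-256 is a stand-in expander (assumption), keyed only by pad_key,
    # so every sender derives the same padding from the same compact SURB.
    padding = hashlib.shake_256(pad_key).digest(HEADER_LEN - len(real))
    return real + padding


def hops_visible_from_length(compact):
    """What anyone holding the compact form learns without any key: path length."""
    return (len(compact) - KEY_LEN) // HOP_LEN


def b64_len(data):
    """Length of the Base64 text a mail user would have to paste."""
    return len(base64.b64encode(data))


if __name__ == "__main__":
    # Constructed sample data: random bytes stand in for encrypted hop blocks.
    hops = [os.urandom(HOP_LEN) for _ in range(4)]
    compact = make_compact(hops, os.urandom(KEY_LEN))
    full = expand(compact)
    print("compact Base64 chars:", b64_len(compact))
    print("full Base64 chars:   ", b64_len(full))
    print("hops leaked by size: ", hops_visible_from_length(compact))
```
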