
Re: [minion-cvs] Add comment suggesting a solution for zlib bombing



 Nick wrote:
>
> I can think of two options:
>      1. If you're using a specialized exit module (not SMTP), that exit 
>         module can have its own anti-bombing defenses. [Most services
>         that use Mixminion as a transport layer should probably do this;
>         MMTP provides far better security guarantees than does SMTP.]
>      2. You can precompress _all_ data before feeding it to Mixminion. 
>         Mixminion will try to compress it a second time, but the
>         compression factor will be very low. This might sound wasteful,
>         but in practise it adds less than 0.7% to the cost of generating
>         an 8-hop message.
>      3. If you receive a message that you don't recognize as valid for
>         your protocol, try uncompressing it.

I'm still not understanding what the programmable API would look like.  
I suppose there is a function like "mixminion.send(msg, recip)", and perhaps it 
has a comment: "@raises TooCompressableException: if len(msg) > 20 KBytes and 
msg compresses to less than 1/20th of its original size".

If we choose option #2, then this leads me to think there ought to be a 
higher-layer API "mixminion.compressed_send(msg, recip)", which compresses and 
then calls mixminion.send()...  ?

Regards,

Zooko
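
A sketch of the API shape discussed in the message above, as an added example that is not part of the original post and is not Mixminion code. The names `send`, `compressed_send`, `TooCompressibleError`, `bounded_decompress` and the `transport` callback are hypothetical; the 20 KByte and 1/20 thresholds are the ones quoted in the message, and the receiver-side output cap is an assumption.

```python
import zlib

MAX_UNCHECKED = 20 * 1024  # 20 KBytes: messages up to this size skip the ratio test
MAX_RATIO = 20             # reject if compressed size < 1/20th of the original


class TooCompressibleError(Exception):
    """Hypothetical stand-in for the exception named in the message."""


def check_compressibility(msg: bytes) -> int:
    """Return the compressed length; raise if msg would look like a zlib bomb."""
    clen = len(zlib.compress(msg, 9))
    if len(msg) > MAX_UNCHECKED and clen * MAX_RATIO < len(msg):
        raise TooCompressibleError(f"{len(msg)} bytes compress to {clen}")
    return clen


def send(msg: bytes, recip: str, transport) -> None:
    """Lower-layer send: refuses payloads the anti-bombing rule would reject."""
    check_compressibility(msg)
    transport(recip, msg)  # transport is a hypothetical delivery callback


def compressed_send(msg: bytes, recip: str, transport) -> None:
    """Option 2: precompress, so the second compression pass gains almost nothing."""
    send(zlib.compress(msg, 9), recip, transport)


def bounded_decompress(data: bytes, limit: int) -> bytes:
    """Receiver side (option 3): uncompress, but never produce more than limit bytes."""
    d = zlib.decompressobj()
    out = d.decompress(data, limit + 1)  # stops early instead of inflating a bomb
    if len(out) > limit:
        raise ValueError("decompressed size exceeds limit")
    if not d.eof:
        raise ValueError("truncated compressed stream")
    return out


if __name__ == "__main__":
    outbox = []
    payload = b"A" * 100_000  # constructed, highly compressible sample
    try:
        send(payload, "recip@example.invalid", lambda r, m: outbox.append(m))
    except TooCompressibleError as e:
        print("plain send refused:", e)
    compressed_send(payload, "recip@example.invalid", lambda r, m: outbox.append(m))
    print("delivered", len(outbox[0]), "bytes;",
          "recovered", len(bounded_decompress(outbox[0], 200_000)))
```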