[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on latest draft

To: mixminion-dev@freehaven.net
Subject: Re: Comments on latest draft
From: Roger Dingledine <arma@mit.edu>
Date: Tue, 26 Mar 2002 13:34:39 -0500
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Tue, 26 Mar 2002 13:34:39 -0500
In-Reply-To: <1017148779.5359.128.camel@o-totoro>; from nickm@alum.mit.edu on Tue, Mar 26, 2002 at 08:19:39AM -0500
References: <Pine.LNX.4.44.0203260715450.4720-100000@blackbird.lcs.mit.edu> <1017148779.5359.128.camel@o-totoro>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net
User-Agent: Mutt/1.2.5.1i

On Tue, Mar 26, 2002 at 08:19:39AM -0500, Nick Mathewson wrote:
> > Note that we do not define a mixing method in the standard. I am not sure 
> > how prudent that is. Maybe we should require a minimum level of traffic 
> > and mixing from each node.
> 
> Perhaps the PK block should advertise the alleged mixing capabilities of
> the mixes.

Good mixing is trivial to do. All you need to do is make the order of
incoming messages unlinkable with the order of outgoing messages. For
instance, you could alphabetize the batch before sending it out.

So it wouldn't be so much a capabilities advertisement as a "yes I'll
mix" or "I'm a meanie" flag. Since it's easy to do, I don't think we
should offer the "be a meanie" option.

What *is* important is the batching characteristics -- how long, or how
many messages, do I wait before calling it a batch?

There are a number of machines in the remailer network which have very
low latency for processing a message. These are 'worse' to use if you
want a strongly anonymous path. The problem is compounded by the fact
that the remailer statistics page ranks by reliability and latency --
so the reliable pass-through mixes are ranked best.

Whether we want to let each mix declare his batching parameters, or let
the reputation servers observe them objectively, I don't know. Maybe both?

Hm. It seems easy to determine latency remotely, but hard to determine batch
size remotely. Yes/no?

And yet another point -- would a network of nodes with variable batch
size and latency be easier to traffic-analyze with an intersection attack
than a network of uniform nodes?

> I agree that MURBs, in the sense of type-1 remailer reply blocks, are
> bad for precisely the reason you describe.  Naturally, I believe that we
> should continue to contemplate ways to make good substitutes, or to make
> them good.  

This is really a shame, but currently I agree with you. It's one of our
major open problems.

> > >       - Political #2: "He who would make his own liberty secure, must
> > > guard even his enemy from oppression; for if he violates this duty, he
> > > establishes a precedent that will reach to himself." (Thomas Paine)
> > >       - Any other thoughts?
[snip] 
> I like political #2 as well, though we can hold off for a while. 
> Doubtlessly this is not the best quote about freedom or privacy that
> anybody can find with Google, Bartlett's, or some comparable resource.
> :)

I enjoyed picking quotes for my thesis. Compare chapter 4 of
http://freehaven.net/doc/freehaven10.ps :)

Or "Every man should know that his conversations, his correspondence, and his
personal life are private." -- Lyndon Johnson.

What were we picking quotes for again?

--Roger

Follow-Ups:
- Re: Comments on latest draft
  - From: Nick Mathewson <nickm@reputation.com>

References:
- Re: Comments on latest draft
  - From: George Danezis <gd@theory.lcs.mit.edu>
- Re: Comments on latest draft
  - From: Nick Mathewson <nickm@alum.mit.edu>

Prev by Date: Re: Comments on latest draft
Next by Date: Re: Comments on latest draft
Prev by thread: Re: Comments on latest draft
Next by thread: Re: Comments on latest draft
Index(es):
- Date
- Thread