Re: Comments on latest draft

[Nick Mathewson <nickm@reputation.com>]

On Tue, 2002-03-26 at 13:34, Roger Dingledine wrote:
 [...]
> Good mixing is trivial to do. All you need to do is make the order of
> incoming messages unlinkable with the order of outgoing messages. For
> instance, you could alphabetize the batch before sending it out.
>
> So it wouldn't be so much a capabilities advertisement as a "yes I'll
> mix" or "I'm a meanie" flag. Since it's easy to do, I don't think we
> should offer the "be a meanie" option.

Agreed.  I think that the forwarding properties of mixes used as
intermediate hops should be as similar as possible; see below.
 
> What *is* important is the batching characteristics -- how long, or how
> many messages, do I wait before calling it a batch?

[...]
> And yet another point -- would a network of nodes with variable batch
> size and latency be easier to traffic-analyze with an intersection attack
> than a network of uniform nodes?

Sure.  If Eve seesme use one low-latency node, it's more likely that I
care about latency, and thus more likely that the other nodes I choose
will also be low-latency.  This helps Eve to perform traffic analysis.

Hm.  The more I think about it, the more I wonder if we shouldn't just
specify a 'correct' batching method. :/

 [...]
> I enjoyed picking quotes for my thesis. Compare chapter 4 of
> http://freehaven.net/doc/freehaven10.ps :)
> 
> Or "Every man should know that his conversations, his correspondence, and his
> personal life are private." -- Lyndon Johnson.
> 
> What were we picking quotes for again?

The RSA-OAEP#1 encapsulation standard requires an arbitrary parameter,
"P."  If I understand correctly, it can be any string of bytes shorter
than the maximum input to your hash function.

-- 
Nick