[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

comments on design doc



I know this is very late -- sorry about that.

A few quick comments on Mixmaster behavior:

On the first page, in the "Exit Polices" section of the overview, the
paper states that "the original Mixmaster design provided no way for nodes
to advertise their capabilities and roles." This isn't actually the case
-- Mixmaster indicates its exit policy in the capability information
provided along with the remailer key, and returned from the stats servers
to the client, which automatically interprets it and behaves accordingly.

First page, Replay prevention section: the Mixmaster time stamps are not
mentioned.  (You describe that Mixmaster keeps a replay log that is
rotated; you do not mention that, since 1998 it counters the attack you
describe by discarding messages older than a certain number of days (which
coordinates with the replay cache so that there is no window for replay.)
Yes, this does have partitioning problems, though it avoids an incidental
tagging issue by randomizing the timestamps withing a certain time window.