Re: Servers Should Use a Secure Mix Algorithm

[Steve Crook <steve@xxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 02, 2006 at 10:39:34PM -0000, Peter Hendrickson wrote:
 
> Using the timed algorithm, however, gives a falsely positive picture
> of how the system performs.  Applications using Mixminion should be
> developed and tested using the real thing.  If the system is not
> usable with a real mix algorithm, then we need to solve that problem.

Hi Peter,

The problem is that pooled mix's require enough traffic in the
system to fill the pool and release messages.  Whilst the system is in
testing, there aren't enough messages which results in unrealistic
delays in messages getting through.

> It is actually quite reasonable to use a real mix algorithm during the
> Alpha or even development phases.  There's simply no other way to get
> a feel for how the real system will perform.

This is true to some extent, but without pingers or users to generate
traffic, the pooled algorithm will actually produce a skewed perception
of how the system will perform.  Pooled algorithms are designed to
ensure anonymity even when traffic levels drop to virtually zero.  They
do this by sitting on messages forever if necessary until there is
sufficient traffic to trigger the pool.
 
> My judgment was and is that it's time to move forward.  We might as
> well try the system out with a real mix.  Mixminion is beautifully
> designed, but we've never really tried it out.

I agree that it would be beneficial for some servers to test out the
pooled mix algorithms, but it would be better to do this on a small
scale first, rather than a mass migration.

Regards
Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEB3j6tHGA1SKHYecRAnwAAKDq3L84CI38Ls+BcQErm9LuJNQ0VQCgnRAD
1vpIqDAjuiq0VbuxpFnZTVo=
=0dFN
-----END PGP SIGNATURE-----