Re: Servers Should Use a Secure Mix Algorithm

[Colin Tuckley <colin@xxxxxxxxxxx>]

Peter Hendrickson wrote:

> Using the timed algorithm, however, gives a falsely positive picture
> of how the system performs.  Applications using Mixminion should be
> developed and tested using the real thing.  If the system is not
> usable with a real mix algorithm, then we need to solve that problem.

We have a "hang-up" problem, Nick is looking at it, however until it's fixed
we need a simple and stable system.

> The way to express that a system is not secure is to say "This system
> is not secure", not by introducing weaknesses.

We are not introducing weaknesses, we are in alpha test, that means "This
doesn't work but we are trying to fix it!"

> It is actually quite reasonable to use a real mix algorithm during the
> Alpha or even development phases.  There's simply no other way to get
> a feel for how the real system will perform.

See Steves, response, nothing is going to let us see how it works until we
get enough traffic to mimic production conditions.

> My judgment was and is that it's time to move forward.  We might as
> well try the system out with a real mix.  Mixminion is beautifully
> designed, but we've never really tried it out.

It would have been nice if you had shared that opinion with us before acting.

One more thing, I read the list, please don't cc me as well.

regards,

Colin

-- 
Colin Tuckley      |  colin@xxxxxxxxxxx  |  PGP/GnuPG Key Id
+44(0)1903 236872  |  +44(0)7799 143369  |     0x1B3045CE

Why isn't phonetic spelled the way it is pronounced?