[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More discussion of header swap efficiency

To: mixminion-dev@freehaven.net
Subject: More discussion of header swap efficiency
From: Roger Dingledine <arma@mit.edu>
Date: Fri, 3 May 2002 03:56:15 -0400
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Fri, 03 May 2002 03:56:16 -0400
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net
User-Agent: Mutt/1.2.5.1i

George wrote in one of his recent checkins:
>Of course in order to make this scheme as secure as if tagging attacks did
>not exist we should require users to choose the double path length for
>each message.

I've previously argued that we don't need to double path length:

* If you're using a reply block without wanting anonymity, you simply
  use the reply block directly. Tagging won't work against it.
* If you're using a reply block and want anonymity, both of you choose
  legs that are long enough. You need to do that anyway; no wasted
  hops there.
* For forward messages, you get anonymity out of the first leg, and
  tagging attacks are thwarted by the crossover point (multi-message
  tagging attacks are thwarted by the several-path approach). So the
  second leg can be short and stunted (eg, a hop or two, or the second
  header can even contain delivery information directly), rather than
  an entire anonymity-providing leg.

Do you still agree with the requirement of doubling path length? Please
expand.

--Roger

Follow-Ups:
- Re: More discussion of header swap efficiency
  - From: George Danezis <gd@theory.lcs.mit.edu>

Prev by Date: Re: [minion-cvs] fixed some typos and LaTeX errors
Next by Date: Re: More discussion of header swap efficiency
Prev by thread: Re: [minion-cvs] fixed some typos and LaTeX errors
Next by thread: Re: More discussion of header swap efficiency
Index(es):
- Date
- Thread