Re: More discussion of header swap efficiency
I buy your argument. We should delete that phrase, and insert your
explanation on why we do not need double length.
Yours,
George
On Fri, 3 May 2002, Roger Dingledine wrote:
> George wrote in one of his recent checkins:
> >Of course in order to make this scheme as secure as if tagging attacks did
> >not exist we should require users to choose the double path length for
> >each message.
>
> I've previously argued that we don't need to double path length:
>
> * If you're using a reply block without wanting anonymity, you simply
> use the reply block directly. Tagging won't work against it.
> * If you're using a reply block and want anonymity, both of you choose
> legs that are long enough. You need to do that anyway; no wasted
> hops there.
> * For forward messages, you get anonymity out of the first leg, and
> tagging attacks are thwarted by the crossover point (multi-message
> tagging attacks are thwarted by the several-path approach). So the
> second leg can be short and stunted (e.g., a hop or two, or the second
> header can even contain delivery information directly), rather than
> an entire anonymity-providing leg.
>
> Do you still agree with the requirement of doubling path length? Please
> expand.
>
> --Roger
>