ANN: Mixminion 0.0.4rc1

"A plain man cannot stand against the anger of a king, who if he
swallow his displeasure now, will yet nurse revenge till he has
wreaked it. Consider, therefore, whether or no you will protect me."

                                             -- The Iliad, Book I

Four servers are up.  I just got a test message.  It's release
candidate time.

The first release candidate for Mixminion 0.0.4 is available.  This
release adds many new features, but breaks backward compatibility with
0.0.3.  For this reason, if you're playing with Mixminion, you should
upgrade now.

Release notes:

If you're running a server, you will need to follow the upgrade
instructions in the README.  There's no more need to email me a
ServerDesc; the procedure has changed.

If you run into any problems with this release candidate, let me know;
I'll try to address them before the real release.

NEW IN VERSION 0.0.4rc1: (From the README)
   First steps toward directory automation:
      - Servers generate new keys and server descriptors when the old ones
        are close to expiring.  (~2 weeks)
      - Servers also regenerate server descriptors when their configuration
      - When a set of keys expires, a server rotates to the next set
        automatically (with some overlap).
      - Servers can upload their descriptors to a directory server
      - There's a trivial directory backend that accepts signed updates
        automatically, and queues new servers.
      - Directories now include a list of which servers are believed to be
        working correctly.  Right now, this list is still manually
      - There's a cron job that regenerates the directory every so often.

   Packet format overhaul:
      - Server RSA keys are now 2048 bits long.
      - The header representation is more compact now, so we don't pay in
        space for the increased key length.

   MMTP improvements:
      - The certificate regime has changed so that key rotation is now 
        possible: instead of authenticating servers based on their TLS
        keys, we authenticate based on their identity keys, which never
      - Packets sent from a server to itself no longer hit the network.
      - When relaying messages, a server never opens more than 1 connection
        at a time to the same server.
      - MMTP clients now recognize a 'REJECTED' reply that a server can use
        to refuse messages when under high load.

   Other server improvements:
      - Servers can (optionally) track the number of packets received, 
        relayed successfully, dropped, and so on.
      - Servers can recognize and advertise whether they are configured
      - The deliver/retry logic has been largely rewritten.  It should
        freak out and die less frequently now.  In any case, it also prints
        better debugging messages, and thrashes the disk less.

   Minor changes:
      - We now use real OpenPGP-style ASCII-armor.  Accept no substitutes!

   Numerous UI Improvements:
      - There are saner error messages for many common cases.
      - Support for multiple SURB keys to prevent identity-blending attacks.
      - There's a new (temporary) 'mixminion ping' command that you can use
        to tell whether a server is accepting connections.  It's potentially
        dangerous (if you go pinging all the servers in your path), and has
        a banner saying so.
      - The path selection syntax has changed to be more flexible.  (You can
        now specify a single random hop, or N random hops.)