[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Final receipients with unknown keys

To: mixminion-dev@freehaven.net
Subject: Final receipients with unknown keys
From: George Danezis <gd@theory.lcs.mit.edu>
Date: Tue, 17 Sep 2002 14:22:42 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Tue, 17 Sep 2002 14:22:44 -0400
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net

Dear all,

I just realized that there is no way that the final recipient in a 
forward anonymous communication can be reached using the IP method if 
his/her keys are not known to the sender. Knowing simply the hash of the 
key is not practical either since a lookup for the actual key would reveal  
the sender's intention to address a message to this user.

I suggest we define a way for the recipient of messages to check if the 
message is encrypted and only then decrypt it with their key. Otherwise 
just extract the TAG fields and body and treat it like if it had come via 
the SMTP method. Downside: the integrity of the message is no more 
guaranteed if the last node is not honest (middle man attack on links is 
still difficult because of the SSL connections).

The above might have other implications, or we might be able to solve the 
problem in other ways. Any ideas or comments?

Yours,

George

PS I came up with the above as I was defining the API that mixminion could 
provide.

Prev by Date: More about patents than you wanted to know
Next by Date: Re: (Re-)opening the API discussion.
Prev by thread: More about patents than you wanted to know
Next by thread: End to end Mixminion issues, with proposed solutions
Index(es):
- Date
- Thread