Why can't gopherhole send a random number of messages with a user selected cap?
Bob just sends one tag request encrypted with gopherhole's public key, and gets between 5 and [User cap] messages. Even better, (Light bulb) Bob can send the number of messages he is currently equipped to filter along with the tag and gopherhole can modify this just a touch +/- 10% say just to keep Bob from getting lazy and asking for the same number all the time. Bob can then filter the tags himself with procmail or something. Just seems simpler and easier on the user while harder on traffic analysis.
Of course! If the gopherhole already has a keypair, it may as well be used as much as possible. Good idea.
With the right randomization and frequent tag changes, it is hard to associate Bob with any tag. This problem becomes increasingly difficult if one introduces randomly generated tags and PGP messages and if the user keeps the message cap high (25-30). Bandwidth simply cannot be saved if the attacker is getting the downlink from gopherhole if you are using a tag system like this. The user just has to deal with 30 messages to best avoid the traffic analysis on this side. A tap on Bob's line reveals that he may have a connection with any of 25-30 real or imaginary tags. One less thing to go on if you are an attacker; fake tags are a real headache. Some clever filtering method for tags would be a nice touch. All lowercase, all between four and seven letters and nouns or something...?
Yeah, it certainly isn't trivial to attack. However, I'd like to make sure that it's provably hard. I'll sit down tonight and try to muddle through it.
-uni- (Dark)
Doug
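
The batching scheme discussed in this thread, as an added Python sketch that is not code from either poster: the server jitters the requested count by about 10%, clamps it between 5 and the user's cap, pads the reply with other tags' messages and fabricated decoys, and Bob filters on his own tag. The function names, the `mailbox` dict, and the random bytes standing in for PGP messages are assumptions made for illustration.

```python
import secrets
import string

MIN_BATCH = 5  # floor from the thread: "between 5 and [User cap]"
_RNG = secrets.SystemRandom()

def jittered_count(requested, cap, rng=_RNG):
    """Vary the requested count by up to +/-10%, clamped to [MIN_BATCH, cap]."""
    spread = max(1, round(requested * 0.10))
    n = requested + rng.randint(-spread, spread)
    return max(MIN_BATCH, min(cap, n))

def random_tag(taken, rng=_RNG):
    """Decoy tag: all lowercase, four to seven letters, never a tag in use."""
    while True:
        length = rng.randint(4, 7)
        tag = "".join(rng.choice(string.ascii_lowercase) for _ in range(length))
        if tag not in taken:  # a collision would plant a fake message in a real box
            return tag

def build_batch(mailbox, tag, requested, cap, rng=_RNG):
    """Server side. mailbox maps tag -> list of opaque ciphertext blobs."""
    n = jittered_count(requested, cap, rng)
    batch = [(tag, m) for m in mailbox.get(tag, [])][:n]
    # Prefer other users' real traffic as cover, then fabricate the rest.
    others = [(t, m) for t, msgs in mailbox.items() if t != tag for m in msgs]
    rng.shuffle(others)
    batch += others[: n - len(batch)]
    taken = set(mailbox) | {tag}
    while len(batch) < n:
        # Assumption: random bytes stand in for a fake PGP message; a real
        # decoy must be indistinguishable from genuine ciphertext.
        batch.append((random_tag(taken, rng), secrets.token_bytes(64)))
    rng.shuffle(batch)  # position must not reveal which entries are real
    return batch

def bob_filter(batch, tag):
    """Client side: keep only the messages carrying Bob's current tag."""
    return [m for t, m in batch if t == tag]

if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    box = {"otter": [b"msg-1", b"msg-2"], "lamp": [b"other"]}
    reply = build_batch(box, "otter", requested=25, cap=30)
    print(len(reply), "messages on the wire;", len(bob_filter(reply, "otter")), "for Bob")
```
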