
First let me say those were not my numbers, those numbers were supplied by another source, I simply reiterated them. ----- Original Message ----- From: "Jim Choate" <ravage@ssz.com> To: <cypherpunks@einstein.ssz.com> Sent: Saturday, August 11, 2001 6:19 PM Subject: CDR: Re: Mixmaster Message Drops
On Wed, 8 Aug 2001, Joseph Ashwood wrote:
Well assuming that the remailers are under attack, we start using
digital
signatures with initiation information stored in them. Mallet can introduce duplicates,
Duplicates are not drops, signatures do nothing for drops. You're changing the rules in the middle of the game.
Actually if you are simply testing the number of messages that come in versus the number that go out, duplicates are a worry. If we are ignoring the content then a message stream of 1,2,3,4,5,6,7,8,9,10,11,121,13,14,15,16,17,18,19,20 looks identical to 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 so that failure mode needs to be addressed, the individual signatures addresses that issue, which means that we can distinguish between the two message streams. This allow us to detect that numbers 13 and 17 for example) got dropped, and to cover the seperatation in the stream Mallet duplicated messages 7 and 11. This gives us a level of tracability that we can enforce ourselves outside of the network system. I believe that detecting and eliminating duplicates eliminates a very important activity that Mallet could perform to throw off our measurements.
Q: How to inject traffic into the remailer network anonymously?
through a set of trusted remailers,
Which we don't have if we accept your numbers. Depending on the technology you're trying to vet is a recipe for disaster (well Mallet won't think so).
Actually you can start with just one trusted remailer. If you can get in an personally inspect 1 remailer, or run it yourself, you can trust a single one. Once the single trust location has been established you begin routing information through that single entry point, and make use of that entry point to measure to depth 2. Once you have built trust in a depth 2 entry point, you can then test it as a depth 1, making sure that mallet doesn't allow just a single entry point proper passthrough. From there you will have 2+ entry points to begin more depth 2 tests, from 2+ locations to begin with, repeat until the trust base has reached the necessary levels. Of course this testing has to be maintained continually, but the ability to send a couple dozen messages through each remailer each day should provide enough maintenance power. Joe