TAZ & Rewebber servers
Ian Goldberg and Dave Wagner have a paper on an implementation of something related to Ross Anderson's paper at:

http://www.cs.berkeley.edu/~daw/cs268/

People interested in eternity service protocols etc. might find it interesting.

The rewebber is a kind of chaining encrypting web proxy. Web proxies normally accept URLs like so:

http://http://somewhere.com/blah/

Their paper allows you to have

http://1231324adefgga1324324adefgga1324324adefgga1324

where 1231324adefgga1324324adefgga1324324adefgga1324 is an encrypted form of "http://somewhere.com/blah/". You can chain this.

I didn't notice their paper announced here at the time they wrote it.

They have an implementation, but source is not available directly due to export crapola. I guess you'll have to send them email if you want to try it out. They have a sample server up, and the TAZ server seems to work, but the rewebber seemed to be dead when I used it.

It looks to me that you could combine eternity servers with rewebbers. Create a rewebber chain pointing at an article in an eternity server.

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
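The chaining described in the message above, as an added example that is not part of the original post and is not Goldberg and Wagner's code. It builds a nested locator and shows that each hop can recover only the next URL. Assumptions: the host names and keys are constructed, and a symmetric HMAC-SHA256 stream cipher with a MAC stands in for the encryption the real rewebber uses, which the post does not specify.

```python
import base64, hashlib, hmac, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (constructed stand-in cipher).
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, url: str) -> str:
    """Encrypt-then-MAC a URL and encode it so it fits in a URL path."""
    nonce = os.urandom(12)
    ct = _xor_stream(key + b"enc", nonce, url.encode())
    tag = hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def unseal(key: bytes, token: str) -> str:
    raw = base64.urlsafe_b64decode(token)
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    want = hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("locator not encrypted for this rewebber, or modified")
    return _xor_stream(key + b"enc", nonce, ct).decode()

# Constructed hosts and per-rewebber keys (hypothetical names).
KEYS = {h: os.urandom(32) for h in
        ("rewebber-a.example", "rewebber-b.example", "rewebber-c.example")}
TARGET = "http://somewhere.com/blah/"   # the URL used in the post

def build_locator(chain, target):
    """Wrap the target once per hop, innermost layer for the last hop."""
    url = target
    for host in reversed(chain):
        url = f"http://{host}/{seal(KEYS[host], url)}"
    return url

def hop(url):
    """What a single rewebber does: decrypt its path, learn only the next URL."""
    host, _, token = url[len("http://"):].partition("/")
    return unseal(KEYS[host], token)

def resolve(url):
    """Follow the chain, returning every URL seen along the way."""
    trace = [url]
    while url[len("http://"):].partition("/")[0] in KEYS:
        url = hop(url)
        trace.append(url)
    return trace
```

Only the last hop ever sees `http://somewhere.com/blah/`; every earlier hop sees the next rewebber's host and an opaque path.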
> Ian Goldberg and Dave Wagner have a paper on an implementation of something related to Ross Anderson's paper at:
Comments:

- Nice paper

- I think Lance Cottrell's name is spelled with two "t"s (Footnote 7).

- Also, the anonymizer is now at Infonex.com rather than C2.net.

- The mixture of rewebbers and TAZ servers is interesting; you can either have http://ENCRYPTED_PATH.taz/document.html or http://ENCRYPTED_PATH_AND_DOCUMENT_NAME as the URL, providing different kinds of security. The former makes it easier to find stuff, since the documents can have meaningful names, though //ENCRYPTED_PATH_AND_DOC// can point to //PATH1.TAZ/index.html which can point you to the encrypted URLs for document1.html, document2.html, etc.

- You were awfully nice to the Onion Router folks; my take on their smaller set of features vs. PipeNet is that they didn't think of the other attacks. On the other hand, they were funded and working on a project for their jobs, so they did do the work to finish and implement it, which is of course a Good Thing.

- Elliptic curve flavors of public-key are probably valuable. Nobody understands them well enough to explain to the non-math-wizard (:-), but they do appear to use substantially shorter keys and outputs.

- Proxy caching is a mixed blessing. While caching does increase the difficulty of traffic analysis by reducing the number of requests that chain through to the end server, it increases the ability of Bad Guys to trace through the network using subpoenas, warrants, rubber hoses, or basic system cracking, because it leaves a trail of cached documents. Each system still has to be compromised to discover the next link in the chain, but caching makes it easier to verify that a compromise has been successful.

- While rewebbers are less likely to be spammed than remailers, and less likely to annoy users, they're still annoying to the Powers That Be. The obvious attacks on the rewebber system are to post Scientologist Child Porn WareZ on the well-known rewebbers, post announcements to Usenet about its availability, and let the CoS and the Postal Inspectors go after them one by one.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)
Participants (2): Adam Back, Bill Stewart