Hello P2P-Hackers, My name is Sir Valiance and I am posting a conversation that took place on Twitter a few days back regarding the current state of anonymous remailers, specifically Mixmaster http://mixmaster.sourceforge.net/ and Mixminion http://mixminion.net/. A little background information on the dialog, I have recently starting working on updating Mixminion's codebase to advance the state of anonymous remailers and help develop a larger userbase. The conversation begins with the following individuals showing interest in discussing Mixminion and advances into discussing other remailer issues. It was suggested that someone collect the dialogue and post it to a mailing list, so I followed the conversation and hashtags and made an attempt at "threading" and organizing it the best I could to make it readable. Hopefully the posting here will inspire analysis and discourse on the current state of anonymous remailers. At the end of the conversation I said that I would be posting this to remailer@librelist.com but then it was suggested that p2p-hackers would be a better place so I will cross-post for now. I will be posting a follow up message and my thoughts on what can be done, what I plan to work on, and a general response to some of the issues discussed previously in the next few days. Thank You, Valiance The individuals involved in the conversation: https://twitter.com/#!/sirvaliance/ (Me) https://twitter.com/#!/lensassaman https://twitter.com/#!/antagonismorg https://twitter.com/#!/zooko https://twitter.com/#!/nickm_tor https://twitter.com/#!/maradydd https://twitter.com/#!/TomRittervg https://twitter.com/#!/hellais * Conversation Begins * lensassaman: @sirvaliance How's it going, coming up to speed on Mixminion? When I'm back in Leuven we should really talk; Sphinx is the better primitive. sirvaliance: @lensassaman It is going quite well I think. No code the past couple days, just reading about the topic. sirvaliance: @lensassaman I would love to talk about your thoughts on mixminion, etc.! I will be working on it this weekend. nickm_tor: @sirvaliance I would love to talk about mixminion ideas. I don't have time to hack on it these days, but I still care about the design. sirvaliance: @nickm_tor Awesome! I am still early in researching the topic so the only work so far was maintenance. sirvaliance: @nickm_tor I would love to talk as well and I will be sure to keep you updated! zooko: @sirvaliance @lensassaman I'd love to listen in on that conversation, too. I still think I was right about http://x.co/Xbda http://x.co/Xbdf lensassaman: @zooko Can't shift gears to fully grok those messages right now; on deadline for a different topic. But, you're aware of ... cc/@sirvaliance lensassaman: @zooko ... Minx and Sphinx right? Both are advances on Mixminion's tagging attack protection. Minx is broken, I think, but ... @sirvaliance zooko: @lensassaman @sirvaliance I never really grokked Sphinx in its fullness, and hadn't even heard of Minx! lensassaman: @zooko ... introduced some new ideas; there's also been some work in provable constructions against tagging attacks. @sirvaliance lensassaman: @zooko ... introduced some new ideas; there's also been some work in provable constructions against tagging attacks. @sirvaliance lensassaman: @sirvaliance Okay; you'll want to look at how Mixmaster did things, too, and if you can, read over the ML archives about Mixmaster 4.0. sirvaliance: @zooko @lensassaman @nickm_tor I am going to start collecting the research on the topic and find a central location to publicly post it. lensassaman: @sirvaliance @zooko @nickm_tor Well, there *already* is a central location for mix-net related research: the Anonbib. sirvaliance: @zooko @lensassaman @nickm_tor I meant a site devoted to cypherpunk issues, not just anonymity papers and research. lensassaman: @sirvaliance @zooko @nickm_tor Ah, gotcha. That would, indeed, but useful. The question is, what do you decide *isn't* relevant? tomrittervg: @lensassaman @sirvaliance If it would get more replies on liberation-tech, /r/crypto, randombit or wherever - people will put it there. zooko: @TomRittervg @lensassaman @sirvaliance You're welcome to use p2p-hackers, too. lensassaman: @zooko @TomRittervg @sirvaliance p2p-hackers really is where the cypherpunk-like discussions happen these days, so for a wider audience, do. nickm_tor: #mixminion IMO the current top 10 problems with mixminion don't begin to include any need to change its crypto a la minx/sphinx. nickm_tor: Top 11 #mixminion issues: 11.Should be modular 10.Should use mlock and encrypted storage 9.Dummies and link padding might be workable today nickm_tor: #mixminon issues ct'd 8. Die, SHA1, Die! 7. IPv6 support 6. Needs a nymserver. 5. Needs a less fascist envelope format: E2E-spec is crud nickm_tor: #mixminion issues ct'd: 4. DH-768? In 2011?? 3. The crypto should be a C library. 2. The directory protocol is a single point of failure. nickm_tor: And the number 1 remaining #mixminion issue IMO: It's unclear to me whether anon remailers can get enough users to provide them anonymity. lensassaman: #mixminion From my perspective as Mixmaster maintainer, I'm where I was in 2003; wanting a next-gen protocol that solves *my* list of probs. lensassaman: @nickm_tor @sirvaliance I've been thinking about getting Mixmaster 3.2 working on Android, then bringing it up to speak Mixminion; how well @nickm_tor @sirvaliance trusted is Sphinx, really? There's advantages to using it because of the use of ECC if we're talking SMS mixing. sirvaliance: @lensassaman @nickm_tor I was actually thinking about doing the exact same thing to #mixminion (mixminion/master) on Android sirvaliance: @lensassaman @nickm_tor My "day job" right now is building Android/iPhone applications and the first thought was how to port #mixminion maradydd: @lensassaman @sirvaliance @nickm_tor FYI whoever did the Tor NDK port left incredibly helpful instructions, thanks for that nickm_tor: @lensassaman @sirvaliance @zooko we ought to start talking using a #mixminion tag. lensassaman: @nickm_tor @sirvaliance @zooko Agreed. Topic of discussion: is Sphinx a suitable message format for Type III remailers? #mixminion nickm_tor: @lensassaman @sirvaliance @zooko IIRC Sphinx is suitable for #mixminion use, but like I said replacing the crypto isn't a top-10 need. nickm_tor: And the number 1 remaining #mixminion issue IMO: It's unclear to me whether anon remailers can get enough users to provide them anonymity. nickm_tor: #mixminion issues ct'd: 4. DH-768? In 2011?? 3. The crypto should be a C library. 2. The directory protocol is a single point of failure. sirvaliance: @nickm_tor @lensassaman @zooko I am new to the topic, but the #mixminion directory protocol jumped out as needing some reworking. nickm_tor: @sirvaliance dir-agreement.txt has a proposed improved #mixminion dir format; can't recall if I still like it. Probably needs revision. lensassaman: @sirvaliance The #Mixminion Directory Protocol has a *lot* of problems; I suspect it was a stub. You really want something like Leuchtfeuer. nickm_tor: @antagonismorg Whatever we need to build to get enough users, #mixminion and other remailers don't IMO have it yet. Not sure what it is. tomrittervg: @nickm_tor @antagonismorg I'm pretty sure it's a user experience that's easy to use and understand. #mixminion nickm_tor: @TomRittervg @antagonismorg IMO the biggest userexperience issues are easy replies, long-term nyms, and <30min arrival times. Maybe GUIs too sirvaliance: @nickm_tor @TomRittervg @antagonismorg Definitely GUI's, I don't think you should have to know your way around a command line to be anon. nickm_tor: @TomRittervg @antagonismorg But for <30min arrival times to be safe, we would need far more users. Possible chicken and egg antagonism: @nickm_tor TomRittervg how did Tor get around that issue when it started. nickm_tor: @antagonismorg By telling hacker types "this is experimental stuff; give it a try!" But anonymity of low-latency nets scales differently. antagonismorg: @TomRittervg users understand why to use Tor, anon mailing they don't seem to. antagonismorg: @nickm_tor In regards to issue 1, I think if we build it, they will come. nickm_tor: @antagonismorg Whatever we need to build to get enough users, #mixminion and other remailers don't IMO have it yet. Not sure what it is. sirvaliance: @nickm_tor @antagonismorg @lensassaman I had some ideas for mobile apps, possibly even a web app (do not know yet know practical web is) antagonismorg: @sirvaliance look into pyano for a web interface for mixmaster nickm_tor: @sirvaliance The problem with a webapp is: how do you know that an untrusted site is giving you a good anonymizer? #mixminion nickm_tor: @sirvaliance ...and if the website is trusted, why not just use them as a one-hop relay? sirvaliance: @nickm_tor In the case for the webapp, I was thinking for the not so technically advanced users. To at least give them something. sirvaliance: @nickm_tor I was thinking more like Tor Exit Enclave ==> Web App ==> Mixminion. Maybe not very well thought out though. nickm_tor: @sirvaliance If webapp is untrusted, I'm not sure that would provide more anonymity than Tor exit enclave ==> Web App ==> SMTP... nickm_tor: @sirvaliance But if webapp is honest, I'm not clear what the Tor step gets you. More thought needed. nickm_tor: (I never got my C #mixminion backend working, but the packet format is mostly there, and ISTR liking the api.) lensassaman: #mixminion I'd really like to see an implementation done in Haskell, if we were doing it from the ground up, architected a la postfix. sirvaliance: @lensassaman DJB's qmail is also an excellent implementation of this concept. lensassaman: #mixminion Mixmaster 2.0.x lent itself to "compile as library, link" easily, and we had a number of plugins based on it as well as wrappers. nickm_tor: Just asked Ian G: he says Sphinx had code at http://crysp.uwaterloo.ca/software/Sphinx-0.8.tar.gz . #mixminion people might be interested. fpietrosanti: @nickm_tor any clue on leveraging tor existing network to make a #mixminion like email system alive? nickm_tor: @fpietrosanti Not per se; my #mixminion issues are ones Tor wouldn't solve, or wouldn't solve consistently with minion's threat model. hellais: @nickm_tor do you recon #mixminion plus hashcash would be able to provide anonymous email over tor while avoiding spam? nickm_tor: @hellais the paper "proof of work proves not to work" argues that any POW system hard enough to slow spam would impact users unacceptably. sirvaliance: @zooko @lensassaman @nickm_tor I would like to put together some sort of a mailing list, maybe even a crypto http://news.ycombinator.com sirvaliance: @lensassaman @zooko @nickm_tor I am thinking about taking http://lamsonproject.org/ and building a web-app, mailing-list hybrid. tomrittervg: @sirvaliance @zooko @lensassaman @nickm_tor Revitalizing remailers is very encouraging. I'm interested, pretty sure @antagonismorg is also antagonismorg: @TomRittervg most definitely, @lenassaman @zooko @sirvaliance @nickm_tor lensassaman: @nickm_tor @sirvaliance Oh! Now, that's *rather* useful. #mixminion nickm_tor: @sirvaliance 140-char limit is getting annoying. You seem most anonymous here: what works for you? IRC? Lists? RFC2549? Other? qbi: Oh @lensassaman does some brainstorming on #Mixminion. Good ideas. Maybe collect them and discuss on mailing list? lensassaman: @qbi Not just me; @nickm_tor and @sirvaliance kicked it off; check the #mixminion tag. lensassaman: #mixminion I think we absolutely must have clean separation between the discrete components in the remailer software, akin to postfix. lensassaman: #mixminion I'd like to see a crypto exe, a pool mix exe, a MMTP exe, a remailer function API, etc; GUIs should be drop-in-able. antagonismorg: @lensassaman definitely like that idea, monolithic programs are hard to review/understand lensassaman: @antagonismorg *nod* That's why I dislike them in general; in this case, it's also key to allow for easy functionality transfer. lensassaman: @antagonismorg My vision is "one protocol set, many implementations." The code that runs on phones may not be what runs on laptops. lensassaman: #mixminion I think forward and reply messages need to be considered separate until something much more clever than SURBS is invented. lensassaman: #mixminion I note that Mixmaster's approach (don't do replies) simply meant people kept using the Type I reply blocks (MURBS), and cringe. lensassaman: #mixminion I don't know that there is a really good solution here. I do think SURB functionality is useful for other reasons, though. lensassaman: #mixminion I'd really like to see an implementation done in Haskell, if we were doing it from the ground up, architected a la postfix. lensassaman: #mixminion I will argue the ability to create wrappers for, or embed the code for, the remailer client is what drives usability advances. lensassaman: #mixminion Mixmaster 2.0.x lent itself to "compile as library, link" easily, and we had a number of plugins based on it as well as wrappers. lensassaman: #mixminion Mixmaster 2.9/3.0 really broke that ability, and so we were never able to fully phase out the 2.0.x codebase. lensassaman: #mixminion Eventually, things like Quicksilver (the remailer client for Windows that relied on Mixmaster 2.0.x for its crypt) bit-rotted. lensassaman: #mixminion Maybe we should take this to a mailing list, though. I'm done for the night; have real work to do. sirvaliance: @lensassaman @zooko @nickm_tor In the mean time, I set up a temp list at http://librelist.com. Email remailer@librelist.com to subscribe. sirvaliance: @TomRittervg @maradydd @antagonismorg To continue, I set up a temp list at http://librelist.com. Email remailer@librelist.com to subscribe. sirvaliance: @lensassaman @qbi @nickm_tor I will compile todays conversation into a post on the list remailer@librelist.com. @qbi send a message to sub. * Conversation Ends * _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE