On Wed, 8 Aug 2001, Anonymous wrote:
We need a good mixmaster net.
working remailer: 1. Average latency less than 5 min
Bad. See the papers done on threats of traffic analysis/spam attacks against remailers.
2. Operator probably trustworthy
Impossible, and unnecessary. Don't assume any remops are trustworthy.
3. Less than 1 message dropped per 100,000 handled
This is the only goal that makes sense.
----- Original Message ----- From: "A. Melon" <juicy@melontraffickers.com> Subject: CDR: re: Remailer Phases
2. Operator probably trustworthy
Impossible, and unnecessary. Don't assume any remops are trustworthy.
Actually it is absolutely necessary. If all operators are willing to collude, then your precious anonymity is completely lost. A simple tracing methodology can establish this. The first remailer operator tracks the exact outgoing message to the next collusion, the second tracks to the third, etc until the message escapes, then the colluding operators track back through the list of remailers, linking based on the intermediate value being sent, until it reaches operator 1 who knows the sending address. This assumes a best case of the sender determining the path taken through encryption. Worst case the first operator can reveal the information to everyone. Joe
At 09:05 PM 8/7/01 -0500, Joseph Ashwood wrote:
----- Original Message ----- From: "A. Melon" <juicy@melontraffickers.com> Subject: re: Remailer Phases
2. Operator probably trustworthy
Impossible, and unnecessary. Don't assume any remops are trustworthy.
Actually it is absolutely necessary. If all operators are willing to collude, then your precious anonymity is completely lost.
Joe, you're obviously new to the game. The game is, design a protocol where you are resistant to some, but not complete collusion (aka node failure). And analyze as best you can your protocol's fault tree, including succeptibility to collusion.
Let me see if I've got your personal fantasy correct, because that's all it is. You believe that it is best to design a protocol that is somewhat resistant, and simply ignore it's faults. I strongly disagree, doing that is to put it bluntly stupid. The real game is to design a protocol and make it's strengths and weaknesses known. Anything else is just more stupidity. And for the record, I'm far from new. Joe ----- Original Message ----- From: "David Honig" <honig@sprynet.com> To: "Joseph Ashwood" <ashwood@msn.com>; <cypherpunks@einstein.ssz.com> Sent: Thursday, August 09, 2001 12:01 PM Subject: CDR: Re: re: Remailer Phases
At 09:05 PM 8/7/01 -0500, Joseph Ashwood wrote:
----- Original Message ----- From: "A. Melon" <juicy@melontraffickers.com> Subject: re: Remailer Phases
2. Operator probably trustworthy
Impossible, and unnecessary. Don't assume any remops are trustworthy.
Actually it is absolutely necessary. If all operators are willing to collude, then your precious anonymity is completely lost.
Joe, you're obviously new to the game.
The game is, design a protocol where you are resistant to some, but not complete collusion (aka node failure). And analyze as best you can your protocol's fault tree, including succeptibility to collusion.
participants (3)
-
A. Melon -
David Honig -
Joseph Ashwood