Re: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
In message <199408070216.TAA09025@jobe.shell.portal.com> Hal writes:
This suggests, that IF YOU COULD TRUST IT, a single remailer would be just as good as a whole net. Imagine that God offers to run a remailer. It batches messages up and every few hours it shuffles all the outstanding messages and sends them out. It seems to me that this remailer provides all the security that a whole network of remailers would.
If this idea seems valid, it suggests that the real worth of a network of remailers is to try to assure that there are at least some honest ones in your path. It's not to add security in terms of message mixing; a single remailer seems to really provide all that you need.
Yes, in an ideal world. Each additional remailer introduces another chance of being compromised. But in an ideal remailer network operated by real human beings, you cannot trust the operator. You would prefer that at least the points of entry and exit from the network be different, because this decreases the probability of the message being 'outed' by a very large factor. If you are seriously concerned about legal factors, you would prefer that the remailer gateways be in different legal jurisdictions. However, if you trust the operator and if this trust is guaranteed to be continued forever, the ideal number of remailers is one. -- Jim Dixon
jdd@aiki.demon.co.uk (Jim Dixon) writes:
In message <199408070216.TAA09025@jobe.shell.portal.com> Hal writes:
If this idea seems valid, it suggests that the real worth of a network of remailers is to try to assure that there are at least some honest ones in your path. It's not to add security in terms of message mixing; a single remailer seems to really provide all that you need.
Yes, in an ideal world. Each additional remailer introduces another chance of being compromised.
Once again I find myself with an understanding that is exactly the opposite of Jim's. I must be missing the point of his network design. In the remailer networks I am familiar with, each additional remailer introduces another chance of being uncompromised, rather than being compromised! Only if all the remailers in the chain are cooperating and logging messages can they reconstruct the path my message took. If any one remailer is honest, my message is successfully mixed with the others. A design in which any one remailer in the chain can compromise the privacy of the user seems to have a very big flaw.
But in an ideal remailer network operated by real human beings, you cannot trust the operator. You would prefer that at least the points of entry and exit from the network be different, because this decreases the probability of the message being 'outed' by a very large factor. If you are seriously concerned about legal factors, you would prefer that the remailer gateways be in different legal jurisdictions.
Yes, this makes a lot of sense. Use different jurisdictions to make attacks by government agencies more difficult, use multiple remailers in a chain, etc. I just don't follow the earlier comment which suggests a different model of information exposure than I use. Hal
Jim Dixon writes: (quoting Hal Finney)
If this idea seems valid, it suggests that the real worth of a network of remailers is to try to assure that there are at least some honest ones in your path. It's not to add security in terms of message mixing; a single remailer seems to really provide all that you need.
Yes, in an ideal world. Each additional remailer introduces another chance of being compromised.
No, I'm afraid you have this backwards. A remailer cannot introduce a chance of increase the chance of being compromised. (I'm assuming that nested encryption is used, as all "ideal mixes" should use this, cf. Chaum. The bastardized version we play around with, in which encryption is skipped, is entirely unsecure.) Perhaps I am misunderstanding you (Jim) here, but in no conceivable way can I imagine that "Each additional remailer introduces another chance of being compromised." Perhaps each additional remailer can increase the chance of not forwarding the mail properly--as might be done in a denial of service attack--but this does not mean security is compromised. The remailer chain as strong as strongest link point that Hal and others have made.
However, if you trust the operator and if this trust is guaranteed to be continued forever, the ideal number of remailers is one.
Since the trust in remailers is not unity, and since the addition of remailers can only increase security and not decrease it, the ideal number of remailers is greater than one. Else, using the "trick" I described in my last post, simply establish that one is a remailer and then stop bothering with other remailers. (Not that I recommend this, for various reasons.)
--Tim May
--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
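The model that Hal's and Tim May's replies argue from, as an added example that is not part of the original thread: a batch passes through a chain of shuffling mixes, and an observer who watches every link learns the shuffle only from mixes that log it. Assumptions (not from the posts): one batch, nested encryption at honest mixes, independent compromise with probability `p_bad`, and constructed sender names.

```python
import random

SENDERS = ["alice", "bob", "carol", "dave", "erin", "frank"]  # constructed batch

def run_chain(senders, compromised, rng):
    """Pass one batch through a chain of mixes; compromised[i] is True if
    mix i logs its shuffle. Returns (true sender per output slot,
    set of senders the observer cannot rule out per output slot)."""
    n = len(senders)
    truth = list(senders)
    # The observer watches every link, so it knows who fed each input slot.
    view = [{s} for s in senders]
    for logs_shuffle in compromised:
        perm = list(range(n))
        rng.shuffle(perm)                     # output slot j <- input slot perm[j]
        truth = [truth[i] for i in perm]
        if logs_shuffle:
            view = [view[i] for i in perm]    # leaked permutation: linkage survives
        else:
            # Honest mix: nested encryption makes outputs unlinkable to inputs,
            # so every output could be any message that entered the batch.
            pool = set().union(*view)
            view = [set(pool) for _ in range(n)]
    return truth, view

def traceable(view):
    """True if the observer pins every output to exactly one sender."""
    return all(len(candidates) == 1 for candidates in view)

def fraction_traceable(p_bad, chain_len, trials, rng):
    """Monte Carlo: each mix is compromised independently with probability
    p_bad (assumed model); returns the share of runs that are fully traced."""
    hits = 0
    for _ in range(trials):
        chain = [rng.random() < p_bad for _ in range(chain_len)]
        hits += traceable(run_chain(SENDERS, chain, rng)[1])
    return hits / trials

if __name__ == "__main__":
    rng = random.Random(1994)
    for k in (1, 2, 3, 5):
        print(k, "mixes:", fraction_traceable(0.5, k, 4000, rng))
```

Under this model a batch is traced only when every mix in the chain logs, so the traced fraction falls roughly as `p_bad ** chain_len`; a single honest mix restores the full batch as the anonymity set.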