Mixmaster Message Drops

Joseph Ashwood ashwood at msn.com
Sat Aug 11 15:14:34 PDT 2001



----- Original Message -----
From: "Jim Choate" <ravage at ssz.com>
To: <cypherpunks at einstein.ssz.com>
Sent: Saturday, August 11, 2001 7:07 PM
Subject: CDR: Re: Mixmaster Message Drops


>
> On Sat, 11 Aug 2001, Joseph Ashwood wrote:
>
> > Actually you can start with just one trusted remailer.
>
> Bull.

Well technically you begin by granting trust to someone, the easiest being
yourself. Then you build trust in something else, use trust in one thing to
build trust in another. Regardless you have to establish trust in a single
location, before you can build trust in multiple.

>
> > If you can get in an personally inspect 1 remailer, or run it yourself,
you
> > can trust a single one.
>
> Only so long as you have a process to vet its current behabiour against
> past behaviour.

I'm only worrying about future behavior, the past being something that will
never matter again in the behavior of the system, especially since we can't
plan on testing "in the past." In this particular case we are only concerned
with whether or not it will forward every message sent to it within some
very tight bounds so it is unlikely that a non-malicious entity would change
the configuration, if the configuration is changed in that respect then it
will be detected later on during the testing phase. The issue being that it
will represent other remailers as undependable, possibly while making itself
look flawless. This is a very difficult problem to solve.

> As to remailers you don't operate, you're trust with
> respect to 'getting in' lasts until you walk out.

But we can build trust in it's ability to forward messages in a way that is
for some definition anonymous, in particular the project is to eliminate
it's dropping of messages either at random or maliciously, or at least
determine which remailers perform the dropping and with what rate.

> Once you're gone the
> potential for re-config'ing the remailer is present.

Which won't matter because the particular behavior we are trying to detect
will be reported on if they change, simply by the fact that the messages
will be dropped. All we're trying to do is build trust in the ability of a
single location to begin an anonymous analysis of the abilities of the
others to forward messages without dropping any (save a small ratio).
                    Joe





More information about the cypherpunks-legacy mailing list