[ snip long security argument ]
PROPOSAL: Add a flag RandomRoute. This may be set when a request starts (up to the user). There is a 50% chance of its being unset. So on average it adds 2 hops to the journey - but there is a small chance of requests going much further than that. The advantage is that it greatly obscures the picture for a distant attacker, by starting off in a somewhat random part of the keyspace. NOTES: We could not overload HTL=10 because HTL is reset to 10 every time we get closer to the target: we *do not* want to go into random route mode just because we got a bit closer to the target! PROBLEMS: It reveals that the request is relatively early. This will make local correlation attacks even easier. So we should do it *after* we have premix routing, at which point that won't be a problem any more. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071219/554298f2/attachment.pgp>
