On Thursday 03 January 2008 02:07, Michael Rogers wrote: > Matthew Toseland wrote: > >> There's a tradeoff here: large cells provide a large anonymity set if > >> the attacker's outside the cell, but they make it more likely that > >> there's an attacker inside the cell who can attack key distribution etc. > > > > Sure, but inside the cell it's harder to attack than outside it, surely that > > is the whole point? Tor, I2P, Mixmaster and other traditional onion routers > > (apart from spanning tree impl's) use a whole-network cell. > > Right, but they all fudge the key distribution problem. Tor and > Mixminion use central directory servers; I2P uses a DHT made of > untrusted nodes; Tarzan uses an insecure and unscalable gossip protocol; > MorphMix uses an insecure collusion detection mechanism [1]. > > I understand why premix routing is preferable to tunnels but you have to > solve the key distribution problem - your credibility score proposal > sounds promising but I'm not sure it's possible to make it Sybilproof > and still ensure that all nodes agree about the topology.
Well, is it possible for each node to choose which nodes it trusts and still be secure? Last I looked you'd get a lot of oscillation problems, statistical attacks (proportion of requests - correlate with how many nodes are within the target's horizon etc). > > Cheers, > Michael > > [1] http://www.crhc.uiuc.edu/~nikita/papers/pet2006-morphmix.pdf -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080104/04bac2e7/attachment.pgp>
