On Mon, Jun 16, 2014 at 11:18 AM, elijah <[email protected]> wrote: > On 06/14/2014 01:31 PM, Trevor Perrin wrote: > >> Some e2e messaging protocols make use of Tor Hidden Services. It's >> interesting to think about what value this adds: > > I used to think it was silly to use a low-latency network for latency > tolerant email-like messages. Onion routing is a poor substitute for a > mix network. > > On the other hand, creating and maintaining public infrastructure is no > small feat, as you have pointed out in the past, and until we have a > stable and large mix network infrastructure that can handle agnostic > message protocols it make some sense to use Tor in the mean time, at the > risk of people claiming security properties that it does not provide.
Sure, Tor is the thing we have. > Mix networks are not without their own problems [1], but there is much > room for improvement, depending on the tolerance for delay. I think that paper is about problems with "threshold mixes" which fire once they've received a certain # of messages; and doesn't affect "timed" or "stop-and-go" mixes, which seem the more obvious approach. But I'm no expert here. > In the long term, once the need is more clear, we should work on Tam: > The Agnostic Mixer. But such a thing only makes sense once you are sure > you can get a lot of traffic over it [2] . We will also need to > pedantically insist the 'a' and 'm' are lowercase. I googled that; sad it's not real :( Yeah, I do think the conventional wisdom is overly negative towards high-latency mixes (remailers, whatever: things that hold mesages for unpredictable time before forwarding). For example, > [2] "The public Tor network is orders of magnitude bigger and has orders > of magnitude more users than the largest public mix networks that have > existed. And this is one of several reasons that onion routing networks > may be more secure than mix networks: it is harder to have a realistic > global adversary against the much larger Tor network than against a > Mixmaster or Mixminion network." ibid. A casual reader might assume high-latency mix networks need the same scale and userbase as low-latency networks to be effective, and are similarly vulnerable to a GPA. But I don't think that's true. The security of a mix doesn't depend on having so many parts it's hard to observe them, it depends on the time delays and the number of users your traffic is being "mixed" with. Sending traffic through a single trusted mix, or a "cascade" of mixes run by a few different organizations, could be very effective. And getting a large population doesn't require the users send actual messages regularly, it just requires them to send dummy traffic, which is a lower bar... Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
