Zack Weinberg wrote:
Depends on your threat model. If what you want to guard against is revealing the content of the database to untrusted parties, then yes, encryption gives no security if anonymous pulls of the entire database are allowed. If, however, you don't care about the database content but you *do* want to conceal the identities of everyone who is contributing, then you want to make anonymous pulls and keyed syncs indistinguishable to traffic analysis, and encrypting anonymous connections is necessary for that. [To be truly robust to traffic analysis you would have to do rather more work than just that, but you're dead in the water if anonymous pulls are unencrypted.] This is just the one example I thought of in two minutes; I'm sure there are others.zw
Wouldn't you be able to solve that with a measure that aims directly at traffic analysis attacks? The Onion Router (TOR) comes to mind.
-- Ulf
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/monotone-devel