RE: Two Observations on the IETF Plenary Wiretap Vote
Lucky Green [EMAIL PROTECTED] writes:

> Over the years, using Wei Dai's term Pipenet (or Pipe-net, as it was spelled
> originally) has firmly been established as denotating an anonymous IP
> network that uses constant or otherwise data independent "pipes" between the
> nodes of the network. Since Freedom uses link padding, I would consider
> Freedom a Pipenet.
>
> It has been the recognition that data-independent traffic flows are a
> necessary design component of a secure anonymous IP network, especially
> between the end-user and the first network node, that sets Pipenet designs
> apart from naive implementations such as the first generation Onion Routers
> and Crowds.

Does Freedom do this? The white paper at
http://www.zeroknowledge.com/products/Freedom_Architecture.html describes
padding between AIP (Anonymous Internet Proxy) nodes:

: Reading the list of neighbors, the AIP sends "PADDING" packets through
: UDP to the neighbors. These packets have the same size as payload packets
: to provide "for free" cover traffic. The use of PADDING packets and cover
: traffic introduces the notion of a Heartbeat amongst the AIPs. A heartbeat
: is defined as the time delay at which a packet must leave the machine for
: a specific neighbor, hiding any information of the AIP server's status
: (idle or busy). The heartbeat concept prevents traffic analysis to a
: significant degree. Since packets are sent out on a regular basis, and
: knowing the rate at which these heartbeat packets arrive at a machine,
: an AIP can determine if a neighbor is unreachable since it will fail to
: send an ALIVE packet after a certain amount of time. PADDING packets
: further prevent traffic analysis by maintaining a constant data flow
: between the AIPs. In addition, all data is link encrypted between two
: adjacent routers with a shared session key.

However the diagram does not show the end user's "client" node as an
AIP node. The document further identifies the AIP as a subsystem of a
Freedom Server node. These are the "mix" nodes and are a separate set
than the client nodes.

This documentation would apparently be consistent with the use of link
padding between the nodes of the network but not between the user's
machine and the node where it enters the network. As Lucky points
out, padding from the end-user to the first network node is important.
We need a clear description of the Freedom architecture which answers
this question.
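Added example, not part of the original message or of Zero-Knowledge's code: a Python sketch of the heartbeat scheme quoted from the white paper, showing that a padded link gives an observer the same trace whether the node is idle or busy, while an unpadded client-to-first-node link does not. The packet size, heartbeat interval, timeout, framing layout and sample traffic are all assumptions constructed for illustration; link encryption is not implemented and is assumed to hide packet contents.

```python
from collections import deque

PACKET_SIZE = 512   # assumed fixed on-wire size in bytes (not given on the page)
HEARTBEAT = 0.05    # assumed seconds between departures to one neighbor
ALIVE_TIMEOUT = 3   # assumed number of missed heartbeats tolerated

def frame(kind, body=b""):
    """Fixed-size packet: 1 type byte, 2 length bytes, body, zero fill (assumed layout)."""
    if len(body) > PACKET_SIZE - 3:
        raise ValueError("payload must be fragmented before framing")
    head = bytes([kind]) + len(body).to_bytes(2, "big")
    return (head + body).ljust(PACKET_SIZE, b"\x00")

def link_schedule(arrivals, ticks):
    """arrivals maps tick -> list of payloads. Returns (wire, kinds):
    wire  = what an observer of the encrypted link sees: (departure time, size)
    kinds = ground truth per tick, assumed hidden by link encryption."""
    queue, wire, kinds = deque(), [], []
    for t in range(ticks):
        queue.extend(arrivals.get(t, []))
        if queue:                       # real data waits for the next heartbeat
            pkt, kind = frame(1, queue.popleft()), "PAYLOAD"
        else:                           # nothing queued: send cover traffic
            pkt, kind = frame(0), "PADDING"
        wire.append((round(t * HEARTBEAT, 3), len(pkt)))
        kinds.append(kind)
    return wire, kinds

def unreachable(last_seen_tick, now_tick):
    """Receiver side: neighbor is unreachable once ALIVE_TIMEOUT heartbeats are missed."""
    return now_tick - last_seen_tick > ALIVE_TIMEOUT

def entry_link_trace(arrivals, ticks):
    """Unpadded client-to-first-node link (the gap raised in the thread):
    packets leave when data arrives, at their natural size."""
    return [(round(t * HEARTBEAT, 3), len(p))
            for t in range(ticks) for p in arrivals.get(t, [])]

# Constructed sample traffic: an idle node and a bursty one.
IDLE = {}
BUSY = {2: [b"GET /a", b"GET /b"], 3: [b"x" * 400], 7: [b"POST /c"]}

if __name__ == "__main__":
    print(link_schedule(IDLE, 10)[0] == link_schedule(BUSY, 10)[0])  # padded link
    print(entry_link_trace(BUSY, 10))                               # unpadded link
```

The cost of the padded link is visible in `kinds`: the burst at tick 2 is spread over ticks 2 to 4, so latency grows with queue depth while bandwidth is spent at a constant rate.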
WSJ: Crypto Regs begin circulating today (was Re: INTERNET LAWNEWS - NOVEMBER 15, 1999)
At 9:20 AM -0500 on 11/15/99, Michael Geist wrote:

> CONCERN OVER CRYPTO REGS
> Concern continues to grow over the Clinton administration's forthcoming
> crypto export regs. A new draft may be circulated internally as soon as
> today, reports the WSJ.
> http://interactive.wsj.com/articles/SB942621233614972446.htm
>
> Internet Law News is compiled weekdays by Professor Michael Geist of the
> University of Ottawa Law School. During this startup period, permission is
> granted to freely distribute this issue in its entirety to colleagues,
> students, friends or other interested parties. To subscribe to this free
> service, send an email to [EMAIL PROTECTED] with the message "subscribe net
> news". Please send any comments or suggestions for future issues to Michael
> Geist at [EMAIL PROTECTED] or visit his Web site at http://www.lawbytes.com.

- Robert A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
RE: Two Observations on the IETF Plenary Wiretap Vote
lcs Mixmaster Remailer writes:

> Lucky Green [EMAIL PROTECTED] writes:
>
> > Over the years, using Wei Dai's term Pipenet (or Pipe-net, as it was spelled
> > originally) has firmly been established as denotating an anonymous IP
> > network that uses constant or otherwise data independent "pipes" between the
> > nodes of the network. Since Freedom uses link padding, I would consider
> > Freedom a Pipenet.
> >
> > It has been the recognition that data-independent traffic flows are a
> > necessary design component of a secure anonymous IP network, especially
> > between the end-user and the first network node, that sets Pipenet designs
> > apart from naive implementations such as the first generation Onion Routers
> > and Crowds.
>
> This documentation would apparently be consistent with the use of link
> padding between the nodes of the network but not between the user's
> machine and the node where it enters the network. As Lucky points
> out, padding from the end-user to the first network node is important.
> We need a clear description of the Freedom architecture which answers
> this question.

I utterly fail to see what's wrong with mixmaster, other than the fact
that the sole implementation is no longer supported. The concept
seems fine, it's just the implementation that's lacking. If I had
anything resembling copious spare time, I'd take it over, and write a
Windows version as well.

--
-russ nelson [EMAIL PROTECTED] http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Re: Two Observations on the IETF Plenary Wiretap Vote
On Mon, Nov 15, 1999 at 07:20:13AM -, lcs Mixmaster Remailer wrote:
| Over the years, using Wei Dai's term Pipenet (or Pipe-net, as it was spelled
| originally) has firmly been established as denotating an anonymous IP
| network that uses constant or otherwise data independent "pipes" between the
| nodes of the network. Since Freedom uses link padding, I would consider
| Freedom a Pipenet.
|
| It has been the recognition that data-independent traffic flows are a
| necessary design component of a secure anonymous IP network, especially
| between the end-user and the first network node, that sets Pipenet designs
| apart from naive implementations such as the first generation Onion Routers
| and Crowds.
|
| Does Freedom do this? The white paper at
| http://www.zeroknowledge.com/products/Freedom_Architecture.html describes
| padding between AIP (Anonymous Internet Proxy) nodes:

The traffic shaping code has issues, in V1 it will be turned off.

Incidentally, the whitepaper you're looking at is close to retirement,
a newer, more accurate one will be out shortly. In addition, we'll be
releasing our security analysis, which includes all of this, at about
the same time.

Adam

| : Reading the list of neighbors, the AIP sends "PADDING" packets through
| : UDP to the neighbors. These packets have the same size as payload packets
| : to provide "for free" cover traffic. The use of PADDING packets and cover
| : traffic introduces the notion of a Heartbeat amongst the AIPs. A heartbeat
| : is defined as the time delay at which a packet must leave the machine for
| : a specific neighbor, hiding any information of the AIP server's status
| : (idle or busy). The heartbeat concept prevents traffic analysis to a
| : significant degree. Since packets are sent out on a regular basis, and
| : knowing the rate at which these heartbeat packets arrive at a machine,
| : an AIP can determine if a neighbor is unreachable since it will fail to
| : send an ALIVE packet after a certain amount of time. PADDING packets
| : further prevent traffic analysis by maintaining a constant data flow
| : between the AIPs. In addition, all data is link encrypted between two
| : adjacent routers with a shared session key.
|
| However the diagram does not show the end user's "client" node as an
| AIP node. The document further identifies the AIP as a subsystem of a
| Freedom Server node. These are the "mix" nodes and are a separate set
| than the client nodes.
|
| This documentation would apparently be consistent with the use of link
| padding between the nodes of the network but not between the user's
| machine and the node where it enters the network. As Lucky points
| out, padding from the end-user to the first network node is important.
| We need a clear description of the Freedom architecture which answers
| this question.

--
Resistance is futile!
http://jobs.zeroknowledge.com