[messaging] Tor Hidden Services in (Cables, SMTorP, Pond)

Trevor Perrin trevp at trevp.net
Tue Jun 17 14:02:54 PDT 2014 

On Mon, Jun 16, 2014 at 11:18 AM, elijah <elijah at riseup.net> wrote:
> On 06/14/2014 01:31 PM, Trevor Perrin wrote:
>
>> Some e2e messaging protocols make use of Tor Hidden Services.  It's
>> interesting to think about what value this adds:
>
> I used to think it was silly to use a low-latency network for latency
> tolerant email-like messages. Onion routing is a poor substitute for a
> mix network.
>
> On the other hand, creating and maintaining public infrastructure is no
> small feat, as you have pointed out in the past, and until we have a
> stable and large mix network infrastructure that can handle agnostic
> message protocols it make some sense to use Tor in the mean time, at the
> risk of people claiming security properties that it does not provide.

Sure, Tor is the thing we have.


> Mix networks are not without their own problems [1], but there is much
> room for improvement, depending on the tolerance for delay.

I think that paper is about problems with "threshold mixes" which fire
once they've received a certain # of messages; and doesn't affect
"timed" or "stop-and-go" mixes, which seem the more obvious approach.
But I'm no expert here.


> In the long term, once the need is more clear, we should work on Tam:
> The Agnostic Mixer. But such a thing only makes sense once you are sure
> you can get a lot of traffic over it [2] . We will also need to
> pedantically insist the 'a' and 'm' are lowercase.

I googled that; sad it's not real :(

Yeah, I do think the conventional wisdom is overly negative towards
high-latency mixes (remailers, whatever: things that hold mesages for
unpredictable time before forwarding).

For example,

> [2] "The public Tor network is orders of magnitude bigger and has orders
> of magnitude more users than the largest public mix networks that have
> existed. And this is one of several reasons that onion routing networks
> may be more secure than mix networks: it is harder to have a realistic
> global adversary against the much larger Tor network than against a
> Mixmaster or Mixminion network." ibid.

A casual reader might assume high-latency mix networks need the same
scale and userbase as low-latency networks to be effective, and are
similarly vulnerable to a GPA.  But I don't think that's true.

The security of a mix doesn't depend on having so many parts it's hard
to observe them, it depends on the time delays and the number of users
your traffic is being "mixed" with.  Sending traffic through a single
trusted mix, or a "cascade" of mixes run by a few different
organizations, could be very effective.

And getting a large population doesn't require the users send actual
messages regularly, it just requires them to send dummy traffic, which
is a lower bar...


Trevor

More information about the Messaging mailing list