[messaging] Panoramix decryption mixnet messaging spec and design documents

George Kadianakis desnacked at riseup.net
Mon Oct 30 11:12:40 PDT 2017 

dawuud <dawuud at riseup.net> writes:

>> 2. Why is a PKI necessary? On a quick read, Loopix paper doesn't seem to mention this. You have a brief justification in pki.txt but the text does not make complete sense to me: "it gives each client the same view of the network, it links mix IDs to public routing keys."
>> 
>>   - If by "same view" you mean "same view of crypto identities" then this suggests the network can't scale, as I was worried about above.
>>   - If by "same view" you mean "same view of online/offline nodes" I think this is impossible to achieve due to well, networks being unreliable.
>> 
>>   If mix IDs are simply the public routing keys themselves, does that avoid the need for a PKI? I suppose you still need to map public keys to physical addresses, but there's probably an existing system you could re-use for that purpose.
>
> Yes you are right to point out the vagueness in the PKI spec draft I
> sent you.  Mixnets like Tor require a PKI that clients can query to
> gain a view of the network so that path selection is possible. Like
> Tor's Directory Authority system we need to store various bits of
> information about each mix in say, a "mix descriptor".
>
> By "same view" I mean each client (just like in Tor) should receive
> the same network consensus document. The client uses this for path
> selection.
>

Might be worth mentioning here that Tor's design does not actually
ensure that "each client should receive the same network consensus
document".

There are multiple valid consensus documents at every point in time, and
each client should have a valid one, but that doesn't mean they all have
the same one.

The Tor network makes a consensus document every 60 minutes, and clients
are not instructed to immediately fetch it because that would cause a
"thundering herd" problem. So each client has its own consensus download
schedule, which means that different clients will have different consensuses.

Not sure if that invalidates any loopix assumptions but thought it might
be worth mentioning it.

More information about the Messaging mailing list