[messaging] SURBs (was: Replacing group signatures with HMAC in Pond)

Trevor Perrin trevp at trevp.net
Tue Jun 17 22:24:15 PDT 2014

On Tue, Jun 17, 2014 at 3:57 PM, Brian Warner <warner at lothar.com> wrote:
> Knowing that a SURB had really been spent was non-trivial, though (an
> intermediate node failure would render the SURB useless for the sender,
> but wouldn't notify the recipient that it was spent). If someone were to
> build SURBs into a new generation of mix network, it'd be nice if they
> automatically expired after some period of time.

I sort of wish someone would build a new generation of mix net without SURBs.

I guess SURBs could strengthen identity-hiding for recipients and
mailboxes, if Tor isn't sufficient.  But I think of Pond (and
Petmail?) as "relationship-hiding" systems more than
"identity-hiding".  And to obscure the sender / mailbox relationship,
all you need is the forward direction of the mix net.

Looking over Mixminion it seems like SURBs add a lot of complexity and
problems with stale paths that would be nice to avoid.


More information about the Messaging mailing list