[Cryptography] Email and IM are ideal candidates for mix networks
Perry E. Metzger
perry at piermont.com
Sun Aug 25 19:26:11 EDT 2013
On Sun, 25 Aug 2013 16:04:59 -0700 "Christian Huitema"
<huitema at huitema.net> wrote:
> I think we can agree that the first step is to deploy home servers,
> and that the first application there would to host communication
> applications. Just doing that without much other change would
> already provide protection against the "silent spying" that goes on
> in big cloud servers.
>
> Initial deployment of anything must provide an immediate reward to
> the early adopters. You cannot rely on a network effect, and that
> means you can certainly not request third parties to adopt a new
> protocol. So better pinch our noses and say that, of course, we
> will accept SMTP mail. Probably SIP as well, and XMPP. We just need
> at first to make sure that the home server is easy to deploy and
> maintain. Then the adopters get the immediate reward, "nobody can
> go through my mail archives without asking me."
I do not disagree, and given a home server, supporting whatever
protocols are popular is merely a matter of software. One reason I
split that proposal (more to come!) into multiple messages was
because I think the issues are somewhat distinct, and home servers
would be of use regardless.
That said, I personally don't need much of a "network effect" to make
things like secure IM useful to me. I exchange instant messages all
day long, but only with about a dozen people for the most part.
I don't need the whole world to switch to a new IM system for me to be
much happier, just that dozen people.
My email network is somewhat wider, but even there, I'd get
incremental benefit from a new protocol. The trick is to make it easy
to do the old and the new at the same time. Most IMAP and Jabber
clients will happily handle multiple "accounts", however, so I don't
even have to choose if the client access protocol remains the same.
> The various P2P enhancements come next, once there already is a
> network of home servers. The obvious one is a communication
> application that beats traffic analysis by embedding its own
> "shuffling" or "onion routing." I don't think we can run anything
> like that directly on a phone, it would drain the battery way too
> quickly.
It might not if the total traffic was quite low (even if my IM
traffic in bytes or packets was 10x larger because of a mix network
participation, it would still be tiny compared to even a couple of
phone calls a day). Still, I tend to agree that home nodes make
better mix participants.
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list