[Cryptography] Summary of the discussion so far
mkington at webhanger.com
Sat Sep 14 05:16:18 EDT 2013
On 13 Sep 2013, at 21:46, Nico Williams wrote:
> On Fri, Sep 13, 2013 at 03:17:35PM -0400, Perry E. Metzger wrote:
>> On Thu, 12 Sep 2013 14:53:28 -0500 Nico Williams
>> <nico at cryptonector.com> wrote:
>>> Traffic analysis can't really be defeated, not in detail.
>> What's wrong with mix networks?
> First: you can probably be observed using them. Unless too many people
> use mix networks you might just end up attracting unwanted attention:
> more passive surveillance, maybe even active attacks (at the limit very
> physical attacks).
I do wonder what the problem with being observed using it is, though. I
understand the problem and the desire not to have traffic analysis done
on your communications, but what's the practical effect on your communications
if they are?
If I think about what I'm bothered about: I do work part-time for an arm of
government. I don't like the idea that someone is out there with a big ear-trumpet
recording all my communications. I like to be able to discuss the rights &
wrongs of mass surveillance, but at the same time I don't want to be labelled
a dangerous subversive. I like to have a moan about things I dislike, but
I don't want those to re-appear at some meeting where I'm called in, hat on,
without coffee. At least not where I've not been compelled to produce them
(at least I know what's coming!). So privacy of the messages is important to
me, but it is not necessarily of *equal* importance that my communications
partners are hidden. I might swap emails with Ben; Ben likes a good moan too,
and we both work for the same branch.
The fact that I work with Ben and talk to him is neither here nor there.
For example, Hemlis is taking on the problem of obscuring traffic with regard
to the 'who' you're talking to and not just the 'what'. I wonder how important
that is, really, especially when they're talking about centralised control of
user information to ensure security but haven't addressed what happens
when they're compelled to help people game their own system (the 'it's OK, we'll
go to prison before we help the spooks' line I always find a bit weak: what if they
turn up with a car battery and a pair of pliers?). It's not clear how they're going to do
any of this yet. All in all they seem to have good intentions, but I fear they're falling
into the trap of trying to solve the 'interesting' problems as a priority without having
a consistent plan.
I'm sure they'll come up with some sort of mix network.
> Second: I suspect that to be most effective the mix network also has to
> be most inconvenient (high latency, for example). That probably means
> mix networks won't be popular enough to help with the first problem.
As Perry points out in his August posts, latency is less important, although
for instant messaging traffic people do kind of want 'instant' for a low enough
value of latency. Latency, though, is only of massive importance if it's critical
that who you talk to be obscured as well. If you have *some* idea
of the people in a network who are communicating with each other, there
also needs to be enough bandwidth to hide your messages in, as you're
probably already observing the traffic close (or fairly close) to the endpoint
it's being delivered to.
In the system that I built I took the approach of batching messages together
inside an encrypted bundle and padding them with junk, so that you got a
message every x minutes or x seconds and it was always at least y
in size regardless of whether there was anything in it of interest to you
or not. If messages were over y in size, they were split and queued up for
the next interval.
> Third: the mix network had better cross multiple jurisdictions that are
> not accustomed to cooperating with each other. This seems very
> difficult to arrange.
Specifically on the jurisdictional point:
I've looked into this; I did some research into cloud providers in different
jurisdictions. After all, if it's going to scale you're unlikely to be building data
centres on the way to the system becoming successful. It is possible that
you don't actually need to go to the extremes of routing stuff via Russia, China,
Egypt and Pakistan. I've got another discussion going on another list about what
entities that are allowed to co-operate can actually do on behalf of each other.
It turns out there is an interesting disconnect between Irish law and UK law
(I picked Irish law because Amazon's European operations are in Ireland).
You have to decide if you are worried about co-operation as allowed by law
or not for the jurisdiction you're in, i.e. are you going to go to prison or not.
The main instrument of co-operation here is a thing called an MLAT, a mutual
legal assistance treaty, and they're signed with an awesome number of countries.
They only enable co-operation to the extent that local law allows, and have different
rules about support that allows evidence that can be admissible in court and other
kinds of support.
So it comes back to what you're worried about; it doesn't have to be about absolutes.
> I'd love to be disabused of the above though.
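The batching-and-padding scheme the message above describes (one bundle every x seconds, always y bytes on the wire, oversize messages split and queued for the next interval), as an added example in Python. This is not code from the original post or from the author's system: the record layout, the 1024-byte bundle size and the sample messages are assumptions for illustration, and encrypting the finished bundle is left to whatever AEAD the deployment uses, since the point shown here is the constant-size, constant-rate shaping that an observer near the endpoint sees.

```python
import os
import struct
from collections import deque

# Assumed constants: y = BUNDLE_SIZE bytes on the wire every interval.
# The interval x is the caller's timer; tick() is called once per interval.
BUNDLE_SIZE = 1024

# Assumed record layout inside a bundle: 1-byte kind, 2-byte big-endian
# length, then the payload. A bundle is records back to back, then junk.
REC_HDR = struct.Struct("!BH")
KIND_PAD = 0    # remainder of the bundle is junk; receiver stops parsing
KIND_FRAG = 1   # fragment of a message; more follows in a later bundle
KIND_END = 2    # final (or only) fragment of a message


class Sender:
    """Emits exactly one BUNDLE_SIZE-byte bundle per tick, full or idle."""

    def __init__(self):
        self.pending = deque()   # bytes still to send, FIFO order

    def send(self, message: bytes):
        self.pending.append(bytes(message))

    def tick(self) -> bytes:
        body = bytearray()
        room = BUNDLE_SIZE
        # room > header size guarantees every fragment carries >= 1 byte,
        # so the loop always makes progress on a queued message.
        while self.pending and room > REC_HDR.size:
            data = self.pending[0]
            space = room - REC_HDR.size
            if len(data) <= space:
                # The whole remaining message fits: close it out.
                self.pending.popleft()
                body += REC_HDR.pack(KIND_END, len(data)) + data
                room -= REC_HDR.size + len(data)
            else:
                # Over y: send what fits now, queue the rest for next interval.
                self.pending[0] = data[space:]
                body += REC_HDR.pack(KIND_FRAG, space) + data[:space]
                room = 0
        if room >= REC_HDR.size:
            # Explicit pad record so the receiver knows where payload ends.
            room -= REC_HDR.size
            body += REC_HDR.pack(KIND_PAD, room)
        # Random junk rather than zeros: after encryption nothing should
        # reveal how much of the bundle was real, but it costs nothing here.
        body += os.urandom(room)
        if len(body) != BUNDLE_SIZE:
            raise RuntimeError("bundle size invariant broken")
        return bytes(body)


class Receiver:
    """Reassembles messages from bundles; fragments arrive in order, so at
    most one message can straddle a bundle boundary at a time."""

    def __init__(self):
        self.partial = bytearray()

    def receive(self, bundle: bytes) -> list:
        if len(bundle) != BUNDLE_SIZE:
            raise ValueError("bundle has wrong size; drop it")
        delivered = []
        off = 0
        while off + REC_HDR.size <= len(bundle):
            kind, n = REC_HDR.unpack_from(bundle, off)
            off += REC_HDR.size
            if kind == KIND_PAD:
                break
            if kind not in (KIND_FRAG, KIND_END) or off + n > len(bundle):
                raise ValueError("malformed record")
            self.partial += bundle[off:off + n]
            off += n
            if kind == KIND_END:
                delivered.append(bytes(self.partial))
                self.partial = bytearray()
        return delivered


def exchange(sender: Sender, receiver: Receiver, ticks: int):
    """Drive `ticks` intervals; return the on-the-wire sizes an observer
    sees and the messages the receiver reassembled, in order."""
    sizes, got = [], []
    for _ in range(ticks):
        bundle = sender.tick()
        sizes.append(len(bundle))
        got.extend(receiver.receive(bundle))
    return sizes, got


if __name__ == "__main__":
    s, r = Sender(), Receiver()
    s.send(b"fancy a moan over coffee?")   # constructed sample message
    s.send(bytes(range(256)) * 6)         # constructed 1536-byte message, > y
    sizes, got = exchange(s, r, 4)
    print(sizes)                          # four identical 1024-byte bundles
    print([len(m) for m in got])          # both messages reassembled intact
```

Driving tick() from a timer rather than from send() is what makes the schedule independent of the traffic: the two idle intervals at the end of the example produce bundles indistinguishable in size from the two that carried data. The bundle size y caps how much a single interval can deliver, so the 1536-byte message arrives one interval later than the short one, which is the latency cost the thread is discussing.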