<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 4/16/21 7:08 AM, Henry Baker wrote:<br>
</div>
<blockquote type="cite"
cite="mid:E1lXPBJ-000854-GW@elasmtp-mealy.atl.sa.earthlink.net">Re:
In wifi terms it sounds like a temporary SSID that is communicated
out-of-band.
<pre class="moz-quote-pre" wrap="">This is precisely what I'd like to avoid.
If I have a point2point connection within my house, there should be no 'SSID' -- temporary or not -- broadcast that is 'visible' outside the house.
</pre>
</blockquote>
<p>If you are doing this on wifi, assume <i>something</i> is
receivable outside the house. Whether it is visible as an
arbitrary SID ("orange-couple-sonic", "inside-mustang-iris"…) or
is invisible—until some sniffer software is updated to display a
description of observed point2point connections—seems a fine
point: Radio signals <i>will</i> be observable. <br>
</p>
<p>Which makes me again wonder what problem is being solved. What
are use cases? There will be a lot of traffic analysis risks, do
you really hope to hide that a rendezvous has happened at all?
(That's hard.) What do you expect to be learnable and what not?<br>
</p>
<p>And what do we mean by "anonymous rendezvous"? Certainly not an
assignation with a randomly chosen corespondent, there has to be
some identity established out-of-band, plus an expectation that a
rendezvous will take place in some time window at all ("now"?) and
in some geographical location ("here"?). <br>
</p>
<p>Is this two people near to each other and they say: <br>
</p>
<p> Alice: "Let me transfer the file. <click, click> I've got
rendezvous 'police-papa-flag'."</p>
<p> Bob: "Yes, I see it. <click, click>
'madonna-noise-martin'?"<br>
</p>
<p> Alice: "Yes. <click>"</p>
<p> Bob: "'proposal3.pdf'?"</p>
<p> Alice: "That's it."</p>
<p> Bob: "Got it. Thanks! <click, click>"</p>
<p> Alice: "<click, click></p>
<p>Ignore fine details of protocol implications, maybe there are QR
codes used, my point is there is an enormous amount out-of-band
communications in the above. Including a "here" and a "now".</p>
<p>That is one use case. It is a rendezvous, it has anonymous
aspects. An external observer will likely be able to know the
transaction happened, know how long the connection was alive,
estimate that a single file was transferred and make a reasonable
guess as to the file size. Add some fingerprinting of the RF
signal (remember, radios are analog devices) and the observer can
probably know they are the same two devices as an earlier
connection, and maybe the device that initiated the connection is
reversed from last time, when maybe Bob sent proposal2.pdf to
Alice.</p>
<p>But "anonymous rendezvous" could mean something rather different.
Maybe Alice and Bob's computers have been configured together and
are always trying to rendezvous and automatically connect when
they can, with queued data automatically send when a connection is
established. Very different use case that solves different
problems. It is also a rendezvous, it has anonymous aspects. It
will also be very observable. What do you expect to be learnable
and what not?</p>
<p>Neither is a pure "anonymous rendezvous", but such a thing sounds
like an oxymoron, so what do we mean?<br>
</p>
<p><br>
</p>
<p>-kb, the Kent who wonders the practical reasons why Alice and Bob
are bothering with any of this spy stuff at all, and why they
aren't just using the network connections they already have and a
service like Dropbox.<br>
</p>
</body>
</html>