From: loki@obscura.com (Lance Cottrell)
Date: Sat, 27 Apr 1996 14:34:27 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster message formats
Message-ID: <ada6f5a301021004defb@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I know Raph already answered this, but I want to toss my few cents in.

It is important to understand the threat model of Mixmaster. I assumed that
all links and some remailers would be compromised. My goal was to ensure
that no information about the message was revealed except to the first and
last remailers in the chain. To borrow from physics (black hole)
terminology, the message must have no hair.

Any active padding by the remailer implies that it knows an upper limit on
the size of the actual message. If each remailer removes some information,
which must be replaced, then conspiring remailers can obtain information
about the where messages are going, by comparing size, and knowing that the
"kernel" of the message can only shrink.

This last statement is true unless remailers add extra hops, which they
encrypt. The reason this is not effective has been thoroughly discussed on
this list.

Take a look at the essay on my home page. It explains most of the design
decisions.

        -Lance Cottrell


At 5:25 PM 4/25/96, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I was thinking about how Mixmaster needs a separate message format so it
>can make messages a fixed size and add a packet ID.  However, couldn't all
>this be done with PGP?  With PGP, the length of the file being encrypted is
>encrypted itself, so it would be possible to append random data to the end
>of the file to make the message a fixed length like Mixmaster.  Also, the
>packet-ID could be implemented by putting a line such as the following in the
>message:
>
>::
>Packet-ID: foobar
>
>The only other thing that would have to be taken care of is chaining.  The
>way I could see this working is to have a header in the encrypted message that
>tells the remailer whether it should de-armor the message at the next layer,
>append random data, then re-armor, and pass it to the next remailer.  Am I
>missing something?
>
>- -- Mark
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
>http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
>"The concept of normalcy is just a conspiracy of the majority" -me
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3
>Charset: noconv
>
>iQCVAwUBMYAXxLZc+sv5siulAQG5CwP/Qbgune3sjNyB7Y8xNxNW6hCahtgBNJDk
>oT+hZHdlmcB6CZXjgDUSczIfAnygS71PBBysB4DJnugluMTMTGfqmgeikXdvL1zt
>vnwx5xlG0HQeTbVE2+c1uW4uamkdb0MZmNLR06S9M+2i0ROaWzGwNO6WEHqoEL3W
>qwXZ7zPtId0=
>=MaO4
>-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYFHQfPzr81BVjMVAQH0qgf8DbhHB2rHxYAAMBKoOAiDRW7zy+UViknf
2BmIv6NDW2MYtTHNSLykDVx3XQCeGG4QuuFcmdveD3livQizC9Tb5Rj8cMNI/Qb6
R7RYEAsaraluxBYNxHxFPejZUy/r9jjJm+LzSVaYVfEdzgt5jjNrm2YV53nOinD8
4sfgBtWNKWAyiyl7lTFWKAhLdfYsp3klTecnEBuPetZlv1V3b4RR2xZi4ggIK4VR
lFkASSQUp/c+JhkJWRcNw6z+Df2XJ59ORUGC+MuJp/W56YoTGicca3mI64qGwg7J
745XF8oAOuD3OCvreWiOYU/LScG3lKKMYfhCyWnGXpt32BJyM5hm1w==
=WD5g
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------