From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 7 Jun 1996 12:34:11 +0800
To: nelson@crynwr.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com>
Message-ID: <199606061916.PAA07088@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


nelson@crynwr.com writes:
>Scott Brickner writes:
> > If the remailer does a good job with the delays and shuffling, then
> > it becomes difficult for the analyst to match message a with
> > message b, leaving him with what he already knew (that A and
> > RemailerX have a common interest, as to B and RemailerX, but the
> > interests may be wholly unrelated).
>
>Nope.  Not if each of them runs a remailer.  That's why mixmaster is
>SO WONDERFUL.

Aside from the fact that your point doesn't address mine, it doesn't
address the issue.  The "to" and "from" values that the traffic analyst
will be using are the IP addresses in the packets.  It doesn't matter
whether mixmaster, cypherpunks, or penet remailers are used, they still
use IP addresses.

Retransmission delays slightly reduce the analyst's ability to
correlate inbound and outbound messages.  Mixmaster significantly
reduces it, since all messages are the same size.  Chaining (and
mixmaster's inter-host mixing) means that the analyst needs to target
more machines to get meaningful correlations.

The discussion was about multiple remailers from multiple accounts on
the same machine.  The very existence of the remailer, independent of
issues like shuffling and chaining, is supposed to eliminate
identifying the originator by the content of the message.  Message
shuffling, delays, and chaining are entirely for the purpose of
reducing the information available to the traffic analyst.  If several
remailers are running on the same machine, they may be treated as if
there were only one remailer, for the purpose of traffic analysis.
Getting more traffic going through them just makes the analysts job
easier, because his statistical conclusions are stronger.