From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Aug 1997 14:22:45 +0800
To: daw@cs.berkeley.edu
Subject: Re: TAZ & Rewebber servers
In-Reply-To: <199708091606.RAA00914@server.test.net>
Message-ID: <3.0.2.32.19970810230443.00779d84@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Ian Goldberg and Dave Wagner have a paper on an implementation of
>something related to Ross Anderson's paper at:
>
>	http://www.cs.berkeley.edu/~daw/cs268/

Comments: 
- Nice paper
- I think Lance Cottrell's name is spelled with two "t"s (Footnote 7).
- Also, the anonymizer is now at Infonex.com rather than C2.net.

- The mixture of rewebbers and TAZ servers is interesting;
you can either have http://ENCRYPTED_PATH.taz/document.html
or http://ENCRYPTED_PATH_AND_DOCUMENT_NAME as the URL,
providing different kinds of security.  The former makes it easier
to find stuff, since the documents can have meaningful names,
though //ENCRYPTED_PATH_AND_DOC// can point to //PATH1.TAZ/index.html 
which can point you to the encrypted URLs for document1.html,
document2.html, etc.

- You were awfully nice to the Onion Router folks; my take on their
smaller set of features vs. PipeNet is that they didn't think of  the
other attacks.  On the other hand, they were funded and working on a
project for their jobs, so they did do the work to finish and implement it,
which is of course a Good Thing.

- Elliptic curve flavors of public-key are probably valuable.
Nobody understands them well enough to explain to the non-math-wizard (:-),
but they do appear to use substantially shorter keys and outputs.

- Proxy caching is a mixed blessing.  While caching does increase the
difficulty of traffic analysis by reducing the number of requests that
chain through to the end server, it increases the ability of Bad Guys to
trace through the network using subpoenas, warrants, rubber hoses, or
basic system cracking, because it leaves a trail of cached documents.
Each system still has to be compromised to discover the next link in
the chain, but caching makes it easier to verify that a compromise
has been successful.

- While rewebbers are less likely to be spammed than remailers,
and less likely to annoy users, they're still annoying to the
Powers That Be.  The obvious attacks on the rewebber system are to
post Scientologist Child Porn WareZ on the well-known rewebbers, 
post announcements to Usenet about its availability, and
let the CoS and the Postal Inspectors go after them one by one.





#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#   (If this is a mailing list or news, please Cc: me on replies.  Thanks.)