Re: [Cryptography] IPv6 and IPSEC

2013-08-29 Thread Moritz
> Since forward and reverse DNS will rarely match for IP addresses used by
> individuals rather than service providers, this change precludes home
> users of IPv6 from sending email to Gmail accounts.
>
> Note that this new restriction imposed by Gmail only applies to IPv6
> addresses, not IPv4 addresses.

For many years now, most mail servers have been rejecting mails sent
from dynamic IPs. And for IPv6 specifically, long before Gmail, a lot
of ISPs already required forward and reverse DNS to match.

--Mo
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
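The "forward and reverse DNS must match" requirement discussed above is usually implemented as a forward-confirmed reverse DNS (FCrDNS) check: look up the PTR for the connecting address, then resolve that name back and require the connecting address to appear among the results. The following is an added example, not code from the list or from Gmail; the resolver is injected and fed constructed zone data (hypothetical names under .test and documentation prefixes 2001:db8::/32 and 192.0.2.0/24) so it runs offline. The same function handles IPv4 and IPv6, which is the point of the last case: the check itself is address-family neutral; what differs is how often home IPv6 addresses pass it.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check as a mail receiver would apply
it to a connecting sender address.

Added example; constructed DNS data replaces live resolution so it runs offline.
"""
import ipaddress
from typing import Callable, Optional, Set, Tuple

# Constructed PTR data (hypothetical hosts). Keys are canonical address strings.
PTR_RECORDS = {
    # provider's outbound mail host: PTR and AAAA/A agree
    "2001:db8:100::25": "mx1.example-provider.test.",
    # home user: ISP auto-generated PTR with no matching forward record
    "2001:db8:abcd::1": "dynamic-2001-db8-abcd--1.isp.test.",
    # PTR claims the provider's name, but that name does not point back here
    "2001:db8:666::1": "mx1.example-provider.test.",
    # IPv4 host of the same provider, checked by the identical logic
    "192.0.2.25": "mx1.example-provider.test.",
}
# Constructed A/AAAA data: name -> set of canonical address strings.
FORWARD_RECORDS = {
    "mx1.example-provider.test.": {"2001:db8:100::25", "192.0.2.25"},
}


def lookup_ptr(ip: str) -> Optional[str]:
    """Stand-in for a PTR query; returns the owner name or None (NXDOMAIN)."""
    return PTR_RECORDS.get(ip)


def lookup_forward(name: str) -> Set[str]:
    """Stand-in for A + AAAA queries on a name; empty set means no records."""
    return FORWARD_RECORDS.get(name, set())


def reverse_name(ip: str) -> str:
    """The in-addr.arpa / ip6.arpa owner name a resolver queries for `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns_check(
    ip: str,
    ptr: Callable[[str], Optional[str]] = lookup_ptr,
    forward: Callable[[str], Set[str]] = lookup_forward,
) -> Tuple[bool, str]:
    """Return (accepted, reason).

    Accepted only if the address has a PTR and at least one A/AAAA record of
    that PTR name is the connecting address itself. A PTR alone proves
    nothing: anyone who controls the reverse zone can put any name there.
    """
    addr = ipaddress.ip_address(ip)          # canonicalises the textual form
    name = ptr(str(addr))
    if name is None:
        return False, "no PTR record"
    confirmed = any(ipaddress.ip_address(a) == addr for a in forward(name))
    if not confirmed:
        return False, f"PTR {name} does not resolve back to {addr}"
    return True, f"FCrDNS ok: {addr} <-> {name}"


def fcrdns_matches(ip: str) -> bool:
    """Boolean convenience wrapper around fcrdns_check."""
    return fcrdns_check(ip)[0]


if __name__ == "__main__":
    for host in ("2001:db8:100::25", "2001:db8:abcd::1",
                 "2001:db8:666::1", "2001:db8::dead", "192.0.2.25"):
        ok, why = fcrdns_check(host)
        print(f"{host:20} {reverse_name(host)[-12:]:>12}  {'ACCEPT' if ok else 'REJECT'}  {why}")
```

A receiver that wants the policy Moritz describes would gate SMTP acceptance on `fcrdns_check` returning `True`; a home host whose ISP publishes only a generated PTR (second case) fails for lack of the forward record, which is exactly why such senders are turned away.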


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-26 Thread Moritz
Hi,

On 26.08.2013 00:28, Perry E. Metzger wrote:
> We probably don't want any sort of central service running this
> network that could be easily disrupted, so identifier to IP address
> information should probably be stored in some big honking DHT, signed
> in the ID's key. Access to the DHT probably should happen in some
> privacy preserving way, possibly through the mix network itself or a
> PIR protocol.

Hashing it out in public: Common failure modes of DHT-based anonymity
schemes

by Andrew Tran, Nicholas Hopper, and Yongdae Kim.
In the Proceedings of the Workshop on Privacy in the Electronic Society
(WPES 2009), Chicago, IL, USA, November 2009.

http://freehaven.net/anonbib/#wpes09-dht-attack

We examine peer-to-peer anonymous communication systems that use
Distributed Hash Table algorithms for relay selection. We show that
common design flaws in these schemes lead to highly effective attacks
against the anonymity provided by the schemes. These attacks stem from
attacks on DHT routing, and are not mitigated by the well-known DHT
security mechanisms due to a fundamental mismatch between the security
requirements of DHT routing's put-get functionality and anonymous
routing's relay selection functionality.

[...]

CONCLUSION

The anonymity literature, including all of the schemes investigated
here, is replete with claims that a peer-to-peer architecture is
necessary in order to construct a scheme that will work at Internet
scale. Distributed Hash Tables offer a scalable architecture for
organizing and finding peers, and thus appear to be an obvious choice
of peer-to-peer architecture. However, as we have shown there is not a
clear bijection between the security and robustness requirements of a
DHT's put-get interface and an anonymity scheme's relay selection
mechanism. This leads to severe vulnerabilities in the existing schemes
based on DHTs, limiting the deployability of such schemes. The critical
question for future work in this line of research is whether a
"DHT-like" algorithm can be designed to meet the specific requirements,
in terms of privacy, availability, and correctness, of an anonymity
scheme.

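The abstract's claim that DHT routing attacks carry over to relay selection, and that the usual DHT defences do not help, can be made concrete with a toy probability model. What follows is an added illustration written for this page; it is not the construction from the Tran, Hopper and Kim paper and makes its own simplifying assumptions, all labelled: the adversary controls a fraction f of the nodes, a relay is chosen by a DHT lookup that passes through h intermediate nodes, and a single adversarial node on the path can steer the rest of the lookup so that the returned "relay" is adversary-controlled. Redundant lookups (r parallel paths) are the standard DHT hardening; the model shows why they cut put-get failure but enlarge the tainted candidate set a relay-selecting client must pick from.

```python
"""Toy model: DHT lookup as a relay-selection mechanism versus uniform sampling.

Added illustration with its own simplifying assumptions (not the paper's model):
  f : fraction of DHT nodes controlled by the adversary
  h : intermediate hops visited by one lookup
  r : number of redundant parallel lookups (a common DHT robustness measure)
A lookup is 'captured' if any of its h hops is adversarial, because that node
can answer with adversary-controlled peers as the closest nodes to the key.
"""
import random


def p_uniform_relay_bad(f: float) -> float:
    """Uniform random choice from the whole population: adversary wins with prob f."""
    return f


def p_lookup_captured(f: float, h: int) -> float:
    """Prob. that at least one of h independently sampled hops is adversarial."""
    return 1.0 - (1.0 - f) ** h


def p_get_fails(f: float, h: int, r: int) -> float:
    """put-get semantics: the value is found if ANY of r redundant lookups is
    honest, so retrieval fails only when all r paths are captured."""
    return p_lookup_captured(f, h) ** r


def p_candidate_set_tainted(f: float, h: int, r: int) -> float:
    """Relay-selection semantics: the client merges the results of r lookups
    and picks from them, so adversarial peers are present if ANY path was
    captured. The redundancy that helps put-get hurts relay selection."""
    return 1.0 - (1.0 - p_lookup_captured(f, h)) ** r


def p_entry_and_exit_bad(p_relay_bad: float) -> float:
    """Simplifying assumption: anonymity is lost when both the first and the
    last relay of a path are adversarial (the two positions that together
    see sender and destination)."""
    return p_relay_bad ** 2


def simulate_capture(f: float, h: int, trials: int, seed: int = 1) -> float:
    """Monte-Carlo estimate of p_lookup_captured under the same assumptions."""
    rng = random.Random(seed)
    captured = sum(
        1 for _ in range(trials) if any(rng.random() < f for _ in range(h))
    )
    return captured / trials


def compare(f: float = 0.10, h: int = 3, r: int = 3) -> dict:
    """Collect the model's numbers for one parameter set."""
    cap = p_lookup_captured(f, h)
    return {
        "uniform_relay_bad": p_uniform_relay_bad(f),
        "lookup_relay_bad": cap,
        "uniform_entry_exit_bad": p_entry_and_exit_bad(p_uniform_relay_bad(f)),
        "lookup_entry_exit_bad": p_entry_and_exit_bad(cap),
        "get_fails_with_redundancy": p_get_fails(f, h, r),
        "candidates_tainted_with_redundancy": p_candidate_set_tainted(f, h, r),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:36} {v:.4f}")
    print(f"{'simulated lookup capture':36} {simulate_capture(0.10, 3, 20000):.4f}")
```

With f = 0.10 and h = 3 the adversary controls 10% of the population but captures about 27% of lookups, and three redundant lookups leave only about 2% of get operations failing while about 61% of merged relay candidate sets contain an adversarial peer; that asymmetry is the put-get versus relay-selection mismatch the abstract refers to, in this model's terms.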