For some research on communications privacy I'm doing at the moment,
I'm interested in learning about the state of the art of DHT systems
and mix network systems. I'd like to know both which systems are
currently considered state of the art and what the state of the art
is on attacks against such
On Fri, 23 Aug 2013 09:38:21 -0700 Carl Ellison c...@acm.org wrote:
Meanwhile PRISM was more about metadata than content, right? How
are we going to prevent traffic analysis worldwide?
The best technology for that is mix networks.
At one point, early in the cypherpunks era, mix networks were
[Disclaimer: very little in this seems deeply new, I'm just
mixing it up in a slightly different way. The fairly simple idea I'm
about to discuss has germs in things like SPKI, Certificate
Transparency, the Perspectives project, SSH, and indeed dozens of
other things. I think I even suggested a
On 08/22/2013 02:36 AM, Phillip Hallam-Baker wrote:
Thanks to Snowden we now have a new term of art 'Prism-Proof', i.e. a
security scheme that is proof against state interception. Having had
an attack by the Iranians, I am not just worried about US interception.
Chinese and Russian intercepts
[Second in a series of several posts about what is needed to make all
Internet messaging go encrypted. Again, if the contents of this post
sound unoriginal, that's because it isn't original thinking. It does
strike me as part of a larger puzzle, however, and some people may not
be familiar with
On Sun, 25 Aug 2013 10:37:52 -0700 Ray Dillinger b...@sonic.net
wrote:
Therefore, IMO, any possible solution to email privacy, if it is to
be trusted at all, must be pure P2P with no centralized points of
failure/control and no specialized routers etc.
Quite agreed. I have a long message in
[Third in an ongoing series. Disclaimer yet again: I make few claims
of the contents here being specifically original to me. Mix networks
and the like have been discussed forever, and I'm sure others have
been having similar thoughts to this of late.]
The aim of the Tor network (which, it should
I think we can agree that the first step is to deploy home servers, and that
the first application there would to host communication applications. Just
doing that without much other change would already provide protection
against the silent spying that goes on in big cloud servers.
Initial
On 08/25/2013 09:12 PM, Perry E. Metzger wrote:
For some research on communications privacy I'm doing at the moment,
I'm interested in learning about the state of the art of DHT systems
and mix network systems. I'd like to know both which systems are
Can you rephrase whether you want info
On Sun, 25 Aug 2013 16:04:59 -0700 Christian Huitema
huit...@huitema.net wrote:
I think we can agree that the first step is to deploy home servers,
and that the first application there would to host communication
applications. Just doing that without much other change would
already provide
On Sun, 25 Aug 2013 21:33:42 +0200 Ralph Holz
ralph-cryptometz...@ralphholz.de wrote:
On 08/25/2013 09:12 PM, Perry E. Metzger wrote:
For some research on communications privacy I'm doing at the
moment, I'm interested in learning about the state of the art of
DHT systems and mix network
My knowledge of the field is pretty spotty in general as I've never paid
much
attention up until now -- mostly I know about how people have built DHTs
in
non-hostile environments. I'm close enough to starting from scratch that I
don't
know yet what I don't know.
I studied such systems
On Sun, 25 Aug 2013 16:42:57 -0700 Christian Huitema
huit...@huitema.net wrote:
I studied such systems intensely, and designed some
(http://en.wikipedia.org/wiki/Peer_Name_Resolution_Protocol). Using
a distributed hash table securely is really hard. The basic idea of
DHT is that information is
That is not my worry. Signing the data posted to the DHT can prevent
spoofing,
querying it over a mix network or using a PIR protocol can prevent
eavesdropping. I'm more worried about various sorts of denial of service
attacks, or service being shut down by inadvertent behavior.
Of course the
On 2013-08-26 11:04 AM, Christian Huitema wrote:
Of course the data can be signed, encrypted, etc. But the rule of the game
is that the adversary can manufacture as many peers as they want --
something known as the Sybil attack. They can then perform various forms of
denial.
We need, and have
On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
...Similar techniques may be useful for voice traffic, but that has
interesting latency requirements, and they're hard to fulfill with a
mix network that might take arbitrary time. There's been some
On Aug 25, 2013, at 7:04 PM, Christian Huitema wrote:
I think we can agree that the first step is to deploy home servers, and that
the first application there would to host communication applications. Just
doing that without much other change would already provide protection
against the
There has to be a layered approach.
Traffic analysis is probably going to demand steganography and that is
almost by definition outside standards work.
The part of Prism that I consider to be blatantly unconstitutional is that
they keep all the emails so that they can search them years later
18 matches
Mail list logo
