Re: [dispatch] [Secdispatch] A protocol for anonymity
Martin <martin@gwerder.net> Mon, 11 March 2019 05:31 UTC
Hi Rich

Thanks for your concern. I understand where it is coming from.

The reason why Security Considerations are so small is that there is another (academic) document dealing mainly with the security of the protocol. Although the thesis has not been published (still needs lecturing, a couple of attentive eyes questioning everything, and extension of some sections), it is linked in the document, and you may read it. I felt that including this in the RFC is too much by far. I, therefore, referenced it in the first paragraph. Do you think that this was the wrong decision?

You definitely made a valid point: Why believe a single person (in terms of an administrator of a system or writer of a paper)? My reply is: You should not. Read it and build your own opinion. There are a lot of minor flaws in the protocol depending on what your adversary looks like. A lot of "do's" and "don'ts." If you are looking for the "why's" then reading [MVAnalysis] is mandatory.

Another main problem is censorship resistance. The more you regulate the behavior of the node, the easier it is to identify nodes (at least in some points). I, therefore, tried to integrate all absolutely mandatory rules and to leave freedom to all other rules.

I am sure willing to change that decision if you think it should be entirely included in the document instead of linking, but the document is already far from being lightweight.

Regards
Martin

On 11.03.2019 at 03:20, Salz, Rich wrote:
>> https://datatracker.ietf.org/doc/draft-gwerder-messagevortexmain/
>
> I am VERY concerned about publishing something that claims to be a protocol for anonymity that has no security analysis and seems to be the work of one person.
>