Untitled

a guest
Jan 22nd, 2018
- User IDs are newly generated each time, based off a shared secret
with the nymserver. If I created accounts on a nymserver, potentially
having the majority of accounts on a server, can I figure out a user's
User IDs by observing what buckets a user retrieves? In general, does
owning most of the User IDs on a nymserver give rise to attacks on
de-anonymizing a user?

===========

- Should Pynchon make recommendations on the "using TLS", in light of CA issues? Maybe pin certs?

===========

When building a user's buckets for a given cycle, the nymserver tries
to include all the pending messages for that user. If this is not
possible, the nymserver instead includes:

- As many pending messages as possible.
- All ACK and ERR messages.
- A SUMMARY message listing all pending messages *not* included in
the current cycle.

What happens when the ACKs or ERRs overflow the bucketsize? What if
an attacker tricks a user into issuing a lot of control messages
(especially if the user's client does it automatically)?

===========

* A remailer interface to the nymserver that allows keyholders to
send pseudonymous mail from their accounts, change their
account settings, open new accounts, and so on.

"Sending pseudonymous mail from their accounts" sounds like a wholly
complicated system that was entirely glossed over and never mentioned.

===========

I'm concerned about the total lack of direction in terms of client design.

In order to provide security, however, we must ensure that
the system is deployable and usable: since anonymity and
pseudonymity systems hide users among each other, fewer
users means less protection [1]. Thus ... we should not
require a complicated interface.

I think it's important to brainstorm a client that appeals to people
besides "privacy enthusiasts, cypherpunks, and cryptohipsters". I
left out developers - because if we make a client that appeals to
developers, I'd say that's a big success even if it doesn't appeal
to the general population!
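
A model of the bucket-building policy quoted in the notes above, showing the case they ask about, where ACK and ERR messages alone exceed a cycle's capacity. This is an added example, not part of the original notes or of the Pynchon Gate design; the bucket size, buckets per cycle, SUMMARY entry size, message sizes and all names are assumptions.

```python
from dataclasses import dataclass

# All sizes are assumptions; the notes give no bucket size or message format.
BUCKET_SIZE = 1024       # bytes per bucket
BUCKETS_PER_CYCLE = 4    # buckets a user retrieves per cycle
SUMMARY_ENTRY = 16       # bytes one deferred message costs in the SUMMARY

@dataclass(frozen=True)
class Msg:
    kind: str            # "MAIL", "ACK" or "ERR"
    size: int            # bytes

class CycleOverflow(Exception):
    """Mandatory content (ACK/ERR plus SUMMARY) exceeds the cycle capacity."""

def build_cycle(pending, capacity=BUCKET_SIZE * BUCKETS_PER_CYCLE):
    """Return (included, deferred) for one cycle under the quoted policy."""
    if sum(m.size for m in pending) <= capacity:
        return list(pending), []              # everything fits, no SUMMARY
    control = [m for m in pending if m.kind in ("ACK", "ERR")]
    mail = [m for m in pending if m.kind == "MAIL"]
    # Reserve room for every ACK/ERR and a worst-case SUMMARY (all mail deferred).
    used = sum(m.size for m in control) + SUMMARY_ENTRY * len(mail)
    if used > capacity:
        # The policy says "all ACK and ERR messages" but they cannot fit:
        # fail loudly instead of silently dropping or truncating them.
        raise CycleOverflow(f"{used} bytes mandatory, capacity {capacity}")
    included, deferred = list(control), []
    for m in mail:                            # oldest first
        cost = m.size - SUMMARY_ENTRY         # including m frees its SUMMARY slot
        if used + cost <= capacity:
            included.append(m)
            used += cost
        else:
            deferred.append(m)                # listed in the SUMMARY instead
    return included, deferred

if __name__ == "__main__":
    mixed = [Msg("MAIL", 1000)] * 5 + [Msg("ACK", 64)] * 2   # constructed input
    inc, dfr = build_cycle(mixed)
    print(len(inc), "included,", len(dfr), "deferred")
    try:
        build_cycle([Msg("ACK", 64)] * 70)    # constructed flood of control messages
    except CycleOverflow as e:
        print("overflow:", e)
```

The overflow branch is the gap the notes point at: the quoted policy has no rule for it, so a design would need a per-user cap or rate limit on control messages, or a way to carry them across cycles.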