- - User IDs are newly generated each time, based off a shared secret
- with the nymserver. If I created accounts on a nymserver, potentially
- having the majority of accounts on a server, can I figure out a user's
- User IDs by observing what buckets a user retrieves? In general, does
- owning most of the User IDs on a nymserver give rise to attacks on
- de-anonymizing a user?
- ===========
- - Should Pynchon make recommendations on the "using TLS", in light of CA issues? Maybe pin certs?
- ===========
- When building a user's buckets for a given cycle, the nymserver tries
- to include all the pending messages for that user. If this is not
- possible, the nymserver instead includes:
- - As many pending messages as possible.
- - All ACK and ERR messages.
- - A SUMMARY message listing all pending messages *not* included in
- the current cycle.
- What happens when the ACKs or ERRs overflow the bucketsize? What if
- an attacker tricks a user into issuing a lot of control messages
- (especially if the user's client does it automatically)?
- ===========
- * A remailer interface to the nymserver that allows keyholders to
- send pseudonymous mail from their accounts, change their
- account settings, open new accounts, and so on.
- "Sending pseudonymous mail from their accounts" sounds like a wholly
- complicated system that was entirely glossed over and never mentioned.
- ===========
- I'm concerned about the total lack of direction in terms of client design.
- In order to provide security, however, we must ensure that
- the system is deployable and usable: since anonymity and
- pseudonymity systems hide users among each other, fewer
- users means less protection [1]. Thus ... we should not
- require a complicated interface.
- I think it's important to brainstorm a client that appeals to people
- besides "privacy enthusiasts, cypherpunks, and cryptohipsters". I
- left out developers - because if we make a client that appeals to
- developers, I'd say that's a big success even if it doesn't appeal
- to the general population!
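
The bucket-filling rule quoted in the third note, modelled as an added example (not part of the original paste and not Pynchon Gate code). It makes the open question concrete: the rule says all ACK and ERR messages are included, so when they alone exceed the cycle the sketch raises an error instead of guessing a behaviour. The byte sizes, `SUMMARY_ENTRY`, the per-cycle `capacity` and all names are assumptions.

```python
from dataclasses import dataclass

SUMMARY_ENTRY = 20  # assumed bytes per deferred message listed in SUMMARY


@dataclass(frozen=True)
class Msg:
    ident: str
    kind: str  # "MAIL", "ACK" or "ERR"
    size: int  # bytes (constructed values)


class BucketOverflow(Exception):
    """Mandatory content exceeds the cycle; the quoted rule gives no answer."""


def build_cycle(pending, capacity):
    """Return (included, deferred) for one cycle under the quoted rule."""
    if sum(m.size for m in pending) <= capacity:
        return list(pending), []  # everything fits, no SUMMARY needed
    included = [m for m in pending if m.kind in ("ACK", "ERR")]
    deferred = [m for m in pending if m.kind == "MAIL"]
    used = sum(m.size for m in included)
    if used > capacity:
        raise BucketOverflow(f"ACK/ERR need {used} bytes, cycle holds {capacity}")
    for m in list(deferred):  # arrival order, greedy
        summary = SUMMARY_ENTRY * (len(deferred) - 1)  # SUMMARY if m is included
        if used + m.size + summary <= capacity:
            included.append(m)
            deferred.remove(m)
            used += m.size
    if used + SUMMARY_ENTRY * len(deferred) > capacity:
        raise BucketOverflow("no room for SUMMARY next to ACK/ERR")
    return included, deferred


# Constructed sample input: three mails and two ACKs for a 1000-byte cycle.
SAMPLE = [Msg("m1", "MAIL", 400), Msg("a1", "ACK", 50), Msg("m2", "MAIL", 400),
          Msg("a2", "ACK", 50), Msg("m3", "MAIL", 400)]
FLOOD = [Msg(f"a{i}", "ACK", 50) for i in range(30)]  # constructed: 1500 bytes

if __name__ == "__main__":
    inc, rest = build_cycle(SAMPLE, 1000)
    print([m.ident for m in inc], [m.ident for m in rest])
    try:
        build_cycle(FLOOD, 1000)
    except BucketOverflow as exc:
        print("unspecified case:", exc)
```

A design that answers the note has to replace both `raise` sites with a defined policy, for example a cap on control messages per cycle or carrying them over to the next cycle.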