[Remops] mixmaster's 1024-bit RSA is getting old
Lance Cottrell
loki at obscura.com
Thu Oct 31 18:33:43 GMT 2013
Back in the mid 1990’s I wrote, but never got working, a Mixmaster server mode.
It authenticated connections using the key hash of the next Mixmaster node.
Then, after getting the next node’s public key, the two nodes would execute a DH key exchange for forward security.
The nice thing about this was that any given node did not need to know anything about the next node a priori. The receiving node does not care about authenticating the sending node at all.
This might be worth revisiting. Any node would first make an attempt to deliver messages using the server mode before dropping back to SMTP delivery for compatibility.
-Lance
On Oct 31, 2013, at 5:32 AM, Tom Ritter <tom at ritter.vg> wrote:
>
>>> I should also note that I think it would be much, much more valuable
>>> to include StartTLS encryption (with ECDHE-based PFS) between
>>> remailers, and distribute the SSL certificates alongside the remailer
>>> keys, that way clients and remailers can encrypt the link. IMO this
>>> would be way more valuable than defending against an tagging attack
>>> that requires an active attacker, and just as valuable, if not moreso,
>>> as upgrading to RSA 2048/4096.
>>
>> That's more of an MTA configuration issue (together with key distribution)
>> and can be done independently of changes to mixmaster. Ideally we will
>> get both before long.
>
> I agree it's seperate in the 'stack', but looking at it from an
> ecosystem perspective - it's a giant omission and security issue that
> hasn't been addressed yet.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4877 bytes
Desc: not available
URL: <http://lists.mixmin.net/pipermail/remops/attachments/20131031/91464fab/attachment-0001.bin>
More information about the Remops
mailing list