Re: How secure is SSL emails?

From: Peter Fairbrother (zenadsl6186_at_zen.co.uk)
Date: 06/30/04 

Date: Wed, 30 Jun 2004 09:19:30 +0100

nemo outis wrote:

> In article <BD05B6EA.51882%zenadsl6186@zen.co.uk>, Peter
> Fairbrother <zenadsl6186@zen.co.uk> wrote:
>> Len Sassaman wrote:
>>
>>> On Sun, 27 Jun 2004, it was written:
>>
>>>> Does the Mixmaster network really need "Zillions" of messages to
>>>> be secure?
>>>
>>> Let me answer this by posing a question to you. First of all, "secure
>>> against whom?" We (the academic research community) are attempting to
>>> build a system which will be secure against what we refer to as the
>>> "global passive adversary". This is an attacker who can see (and
>>> process/analyze) all traffic on network. The mix nodes themselves are
>>> black boxes, and the attacker doesn't manipulate traffic in any way.
>>
>> I thought we were trying to defend against an gobal _active_ adversary? I
>> know I certainly am.
>
> Should we? Yes, it would be nice if we could achieve that
> glorious objective, but the counter is that the perfect is the
> enemy of the good.
>
> I'll settle for some preliminary assessment of the capabilities
> of a real-world very powerful opponent, who may nonetheless have
> limits on his omniscience, ubiquity, or activity v passivity as a
> function of time and place.
>
> I agree such a construct - a very powerful but still limited
> adversary - lacks elegance and may not provide tractability for
> analysis, but such is the real world. We should not posit too
> strong an adversary merely as an analytical convenience. Or, if
> we do, we should retain some sensitivity to how we may be
> overconstraining the problem.

Any conceivable adversary with global access is surely capable of sending a
few messages. Limiting it to a passive adversary is pointless, and is not
the usual practice in the academic/research community that deals with mixes
and remailers - for instance the active n-1 attack Nick mentioned is well
studied. 

-- 
Peter Fairbrother