[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Anonymous flooding
I wonder if full crypto anonymity as we envision it will be stable?
I'm very concerned about the problem of anonymous users intentionally
flooding the network with garbage in order to bring it to its knees.
Current practice, in the non-anonymous world, is to trace excess
traffic to its source and stop it from being generated. This will no
longer be possible when true anonymity is available.
This would particularly be a problem if a remailer is willing to forward
an incoming message to more than one destination. In that case, by sending a
single anonymous message, a saboteur could generate an exponential amount
of net traffic. This would be bad.
Two basic precautions for a remailer to take are
1. To require a 1-1 correspondence between input and output messages.
2. To require that the address portion of the message shrink at each step
(preventing infinite loops).
If this is done, then the saboteur's original message can be at most
n-fold replicated, where n is the maximum number of remailer hops
allowed.
However, I still have some fundamental concerns that an anonymity-based
system is vulnerable to flooding and denial of service by the bad guys,
including Big Brother, who may wish to prevent effective use of such
systems. This may make operating a remailer a difficult proposition.
I'm discouraged. Any thoughts?
-- Marc Ringuette ([email protected])