Proposals 1, 2 and 1.1 arguments

See Proposal 1 (P1) design, Proposal 2 (P2) and Proposal 1.1 (P11).

Pro and con arguments for the different proposals discussed after juga’s presentation on January 12, 2021 [MixmailerSlides] .

Stratified topology

  1. arguments against:

  • attacks on the exits

  • authorities decide the possition

  • nodes should decide the route (free-routing)

j counterarguments:

  • attacks on exits:

  • do not deanonymize sender, nor their location, per se

  • can be done by any operator that runs the exit:

    • reason why TLS is recommended (avoid MiTM)

  • if target is the receiver, it is easy to find the “random” exit

  • intelligence agencies try more sophisticated attacks trying to deanonymize the whole path

  • it’s the node that decide the possition in Loopix


j arguments:

  • they’re needed so that:

    • all clients have the same view of the network, otherwise sybil attack

    • can reward/penalize nodes that go on and off, missbehave, etc.

  1. counterarguments:

  • it’s the nodes which take those decissions.


j arguments:

  • avoid clear metadata at last hop

  • Let’s Encrypt has helped a lot to do not depend on 3rd party entities

  1. counterarguments:

  • 0 trust on TLS

Message size

j arguments:

  • can’t pad while not possible to predict final size, what is only possible with same OpenPGP algo. and without compression

  • need of fixed size (huge) padding so that the attacker doesn’t know in which position of the route is the message

  1. counterarguments:

  • random padding, if message is too big and it’s know it’s at 1st possition in path, bad luck


V.: pEp is not OpenPGP/MIME when 2 pEp clients talk, but it’s OpenPGP/MIME compatible when the receiver is not pEp client.

Hidden headers


  • agrees that the metadata is clear at last hop

  • Outside (clear) From might not be the same as the inside (encrypted) From

  • it has been implemented since years


V.: it’s needed that GNUnet implements a GNS library


V.: all this should be impemented in the engine including GNS resolving/registering


j arguments:

  • we can rewrite mail proxy. License of nodes running software doesn’t matter cause pEp is not going to run them

  1. contrarguments: not the technical solution we want