Scalable Distributed Security with Bearer Certificates

Frank O'Dwyer
Wed, 10 Feb 1999 08:39:05 -0800

[feel free to forward this to the E list if you wish]

"Mark S. Miller" wrote:
> Unfortunately, there's also nothing in E's implementation that
> hides location.  The IP address of the machine hosting a Vat is simply
> revealed, and intervat communication is via a direct TCP/IP connection.

You may be interested in something I am working on for TCQ
( In TCQ I need to be able to form mixes on the fly
between participants, without necessarily relying on central facilities
such as onion-routers or remailers. My idea is to provide a lookalike that acts as an interface to a dynamic mix
maintained by the application. That is, the application adds IP
addresses to the mix as it learns of them, and transmissions are
thereafter mixed automatically. To begin with this will only provide
datagram communication (although the underlying comms will be TCP),
since that avoids having to deal with delivery guarantee issues,
ordering, disrupters, nodes dropping out of the mix, etc. However a
stream protocol could in principle be built atop this. Also the
functionality could be wrapped in a SOCKS or plug-gw style proxy,
avoiding the need to modify applications (but requiring some way of
advertising and learning of mix participants). 

This'll be open source Java, so it might be something you could use for
E. However it is a spare time project, so progress is in fits and
starts. If you've any input or comments at this stage it would be very

Frank O'Dwyer.