Anonymity questions
ADB
firefox-gen at walala.org
Wed Feb 22 19:12:06 UTC 2006
Wouldn't that make it even more insanely slow and inconsistent than it is
already? Also, unless you're doing either just one host's connections or
a large group of connections, it doesn't seem to make sense. If it's 2-5
hosts or something, it doesn't seem like it would have a very good
security/resources ratio.
~A
Michael Holstein wrote:
> I've thought about this too (and the BGP routing thing I hadn't heard,
> but I was aware that ATT, et al. were being NSA-friendly by routing
> international calls through US-based switches) -- but if they do it
> for voice, they do it for data, since to AT&T, it's all really data
> anyway.
>
> So how about this as a proposed solution:
>
> Rather than encrypt individual TCP streams, allow the TOR nodes (or at
> least the intermediates) to do GRE or IPSEC, and then route multiple
> streams (each themselves encrypted) inside a separately encrypted tunnel.
>
> This would make it impossible (er...more difficult) for someone to
> match traffic entering with traffic exiting (assuming sufficient
> padding and whatnot to keep traffic fairly constant). Unless you can
> pick a large "burst" out of the other chatter, you'd make it
> significantly harder to trackback on an individual stream.
>
> Sort of like a mesh-network of opportunistically created VPNs --
> creating an encrypted "cloud". I think this is sort of what the
> Freedom network tried to do commercially a few years ago. Another
> advantage of this might be the ability to actually use BGP tables to
> assist in routing, since at this point, you'd have created an
> encrypted "overlay internet". Those tables could then be manipulated
> with control traffic inside the cloud to deal with ensuring traffic is
> routed through multiple countries (or around certain ones).
>
> The other advantage of a GRE/IPsec approach would be the ability to
> carry any type of traffic, not just TCP.
>
> Thoughts?
>
> Michael Holstein CISSP GCIA
> Cleveland State University
>
>
>
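Added illustration, not part of either message above: a small simulation of how much one stream's timing shows through a shared tunnel, as a function of how many streams share it and whether the tunnel is padded to a constant rate. The traffic model, function names and parameters are all assumptions made for this example.

```python
import random
from statistics import mean, pstdev

def stream(rng, n_slots, burst_prob=0.2):
    """Constructed bursty traffic: bytes one stream sends in each time slot."""
    return [rng.randint(500, 1500) if rng.random() < burst_prob else 0
            for _ in range(n_slots)]

def pearson(xs, ys):
    """Pearson correlation; defined as 0.0 when either series is constant."""
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(xs), mean(ys)
    cov = mean([(x - mx) * (y - my) for x, y in zip(xs, ys)])
    return cov / (sx * sy)

def tunnel_view(streams, pad_to=None):
    """Bytes per slot visible to an observer outside the encrypted tunnel.
    With pad_to set, every slot is filled up to that constant size."""
    totals = [sum(slot) for slot in zip(*streams)]
    if pad_to is None:
        return totals
    if max(totals) > pad_to:
        raise ValueError("pad_to is smaller than the real traffic")
    return [pad_to] * len(totals)

def leak(n_streams, padded=False, n_slots=2000, seed=1):
    """Correlation between stream 0 and what the tunnel observer sees."""
    rng = random.Random(seed)
    streams = [stream(rng, n_slots) for _ in range(n_streams)]
    pad = 1500 * n_streams if padded else None  # worst-case slot size
    return pearson(streams[0], tunnel_view(streams, pad))

if __name__ == "__main__":
    for n in (1, 3, 50):
        print(f"{n:>2} streams, no padding: r = {leak(n):.2f}")
    print(f" 3 streams, constant-rate padding: r = {leak(3, padded=True):.2f}")
```

With independent streams the unpadded correlation falls off roughly as 1/sqrt(n), so a tunnel carrying only a few hosts hides little, while constant-rate padding removes the signal at the price of always sending the worst-case volume.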