From f64fc53be0b8582adebda1ed6650a0531e4683fd Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Tue, 8 Jun 2021 12:09:09 -0700 Subject: [PATCH] Add comment about niwl RE: ofcp --- src/open-questions.md | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/open-questions.md b/src/open-questions.md index faa90ae..d70d10f 100644 --- a/src/open-questions.md +++ b/src/open-questions.md @@ -8,20 +8,26 @@ as well as find new problems. Here are the problems we know about: -* **The User Experience of Metadata Resistance Tools**: Environments that offer +### **The User Experience of Metadata Resistance Tools** + +Environments that offer metadata resistance are plagued with issues that impact usability, e.g. higher latencies than seen with centralized, metadata-driven systems, or dropped connections resulting from unstable anonymization networks. Additional research is needed to understand how users experience these kinds of failures, and how apps should handle and/or communicate them to users. -* **Scalability**: Heavily utilized Cwtch servers increase message latency, and +### **Scalability** + +Heavily utilized Cwtch servers increase message latency, and the resources a client requires to process messages. While Cwtch servers are designed to be cheap and easy to set up, and Cwtch peers are encouraged to move around, there is a clear balance to be found between increasing the anonymity set of a given Cwtch server (to prevent targeted disruptions) and the decentralization of Cwtch groups. -* **The (Online) First Contact Problem**: Cwtch requires that any two peers are +### **The (Online) First Contact Problem** + +Cwtch requires that any two peers are online at the same time before a key exchange/group setup is possible. One potential way to overcome this is through encoding an additional public key and a Cwtch server address into a Cwtch peer identifier. This would allow 
@@ -33,15 +39,22 @@ Here are the problems we know about: aim of disrupting new connections). However, the benefit of first contact without an online key exchange is likely worth the potential DoS risk in many threat models. + +Note: Something like [niwl](https://git.openprivacy.ca/openprivacy/niwl) may now allow us to +overcome this problem via fuzzy message detection and offline message retrieval. -* **Reliability**: In Cwtch, servers have full control over the number of messages they store and for how long. This has +### **Reliability** + +In Cwtch, servers have full control over the number of messages they store and for how long. This has an unfortunate impact on the reliability of group messages: if groups choose an unreliable server, they might find their messages have been dropped. While we provide a mechanism for detecting dropped/missing messages, we do not currently provide a way to recover from such failures. There are many possible strategies from asking peers to resend messages to moving to a different server, each one with benefits and drawbacks. A full evaluation of these approaches should be conducted to derive a practical solution. -* **Discoverability** of Servers: Much of the strength of Cwtch rests on the assumption that peers and groups can change +### **Discoverability** of Servers + +Much of the strength of Cwtch rests on the assumption that peers and groups can change groups at any time, and that servers are untrusted and discardable. However, in this paper we have not introduced any mechanism for finding new servers to use to host groups. We believe that such an advertising mechanism could be built ver Cwtch itself.
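Review bot: the subject line mentions only the niwl comment, but the first hunk (`@@ -8,20 +8,26 @@`) converts the bullet items into `###` headings, which is an unrelated restructuring. Either split it into its own commit or mention it in the message. In the new headings, e.g. `### **Scalability**`, the bold markers inside a heading are redundant and could be dropped. The split also leaves short first lines such as "Environments that offer", so the paragraphs could be rewrapped in the same change.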
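Review bot: in the second hunk (`@@ -33,15 +39,22 @@`), the added "Note:" says niwl "may now allow us to overcome this problem via fuzzy message detection and offline message retrieval" but does not say whether the DoS risk weighed in the paragraph just above still applies under that approach. One more sentence on that would make the note self-contained. `### **Discoverability** of Servers` bolds only part of the heading, unlike the other new headings. The trailing context line reads "could be built ver Cwtch itself", where "ver" looks like a typo for "over" and could be fixed in this same edit.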