Zero-Knowledge Systems, Inc proposes the following draft for consideration by the NymIP-RG as a statement of the goals and direction of the overall NymIP effort.
$Id: goals.html,v 1.1 2000/10/30 19:21:20 jbash Exp $
The ultimate goal of the NymIP effort is to design and deploy protocols which allow entities to communicate at the IP layer, while controlling the disclosure of information which might identify those entities to one another or to third parties. We call this "controlled nymity".
This goal has several subgoals--
To stimulate research on unsolved problems in controlled nymity, and to develop a common terminology and outlook on the problem. This is primarily the work of the NymIP Research Group (NymIP-RG), which is the first organization chartered under the NymIP effort.
To translate research results into implementable specifications, and to formally standardize those specifications. As results emerge from the NymIP-RG and other sources, it will probably become appropriate to form one or more IETF Working Groups for this purpose. However, the only real requirement is that the specifications meet the technical goals, permit interoperability, and be accepted by potential implementors.
To provide easily-adoptable reference implementations of the protocols. This will probably involve creating one or more open development groups, which will presumably work closely with the standardization group(s).
To create whatever formal and informal structures and norms are needed to support a robust, publicly available controlled nymity service, and to develop a pool of competent operators. The organizational requirements of this goal, if any, will presumably become clear as technical work progresses.
Anonymous and pseudonymous communication are of interest at a number of layers other than the network layer. However, the NymIP effort is restricted to the network (IP) layer, and will take other layers into account only insofar as it is desirable for the IP layer to share constructs and concepts with systems at other layers.
Controlled nymity is a difficult problem. Naive solutions work against unsophisticated adversaries, but are subject to an enormous array of attacks from sophisticated ones. Theoretically secure solutions exist, but are perceived as unimplementable because of performance considerations. It is not clear, even to practitioners in the field or operators of existing services, exactly how much security can be provided in real networks, or at what cost in performance. Furthermore, it is not at all clear that all feasible basic approaches to controlled nymity have been explored or enumerated.
The general goal of the research effort must be to create understanding of the problems, and of the possible solutions, and to generate a common terminology and approach to the problem. Specific research areas likely to bear fruit include--
It is perhaps audacious to set detailed goals for protocols at so early a stage, and surely the goals will evolve as the problem becomes better understood. Nonetheless, protocols must provide specific services, and it is difficult even to conduct research on a problem without understanding the services to be provided.
At present, it seems that the following are likely to be required of the finished system--
Ability to carry IP traffic, and possibly other network-layer traffic.
Nymity levels, negotiated among the communicating parties, from complete anonymity to strongly authenticated persistent pseudonymity.
Quantifiable security guarantees against a robust and realistic set of adversaries, including traffic analysts, active adversaries, and denial-of-service adversaries.
Support for networks created by the cooperation of diverse, mutually suspicious operators, without the need to trust or rely on any small set of entities or organizations for either the functioning or the security of the network.
A rich set of performance and security tradeoffs, with the accessible performance/security space including as many as possible of the applications believed to be of interest to users, under well-defined threat models believed realistic for the users of such applications.
Ability to be be layered over the Internet, and possibly over other substrates as well.
Provisions for cost recovery by service operators. Cost recovery mechanisms must not require the disclosure of identity information to service operators.
In order for the standards to actually be adopted by users and service providers, the following also appear to be needed--
Implementability by any interested party without unduly burdensome licensing restrictions.
Availability as a production-quality Open Source reference implementation.
Presentation in a form acceptable as a standard by the relevant parts of the networking industry.
Well-articulated design principles, available to the public at large, with all design decisions fully explained.