Adam Back:
Public access servers aren't a good idea. Really people should be running local access servers only. The index is local, cache is local, and USENET is a distributed broadcast medium.
True.
However it seems to me that the weakest point is the remailer network. It seems likely that it would be much easier for governments to shut down the remailer network than it would be to shut down USENET. There are only around 20 or so remailers, and they all have known IP addresses, operators, localities, etc. I expect the spooks could shut them down with less than 1 day's notice if they wanted to.
How do we improve the resistance of the remailer network to well-resourced attackers intent on dismantling it?
By having anonymous remailers which are themselves anonymous -- running on discarded accounts, only known by a few other remailers, not the general public, perhaps by splitting up remailer addresses as a shared secret, so one remailer knows there is a "foo remailer" it can use, and has 1 of 3 where 2 pieces are necessary to have the address, and sends it to another remailer which may have the other part of the address. Perhaps probabilistic routing? Remailers which don't know all the components to an address, see how many they can assemble, and choose randomly? It does make enforcing "I want this remailed through multiple independent groups in case you're a fed" more difficult for the user -- perhaps they could send pieces of the message to be reassembled inside the remailer network?
All of this is great, but it's a lot of work, and remailers are quickly consumed in this model. Thus what I think is the true solution: Providing a financial incentive for people to run remailers. This requires digital cash. I believe digital cash will soon exist, and thus this will soon be possible.
(Also, a lot of these techniques would be valid in a higher performance non-email based system. Or even in a "type III" remailer network where secret sharing and probability and high traffic are used in place of message pools. Message pools are a direct tradeoff of performance for security -- an unacceptable tradeoff for current interactive systems, unless one could prefetch very effectively, or if so many people used a server that its message pool would not need to sit around very long -- this means the average user would be using a very small amount of the resources of a very large and highly loaded server -- this makes the large and highly loaded server an attractive target for attack.)
Adam
-- Ryan Lackey rdl@mit.edu http://mit.edu/rdl/