ichudov@algebra.com (Igor Chudov @ home) wrote:
Anonymous wrote:
A scenario:
1) The spooks put a bug (named Eve) on the link between kiwi.cs.berkeley.edu and the Internet.
......
A good scenario. A truly paranoid premail users should verify who signed the remailer keys. If you trust the signators and they signed the keys, you are "safe". Just do pgp -kvv some@remailer.com and see what comes up.
Maybe remailer operators should asks someone reputable to sign their remailers' keys so that the users can easily verify the signatures.
Yes, that is one part of it. Another part is that Raph should include a public PGP key in the premail program and then sign both the remailer-list and the pubring at kiwi.cs.berkeley.edu with it. The public key included in premail should be 1) Used to sign the premail distribution itself. 2) Emailed to various mailing lists such as cypherpunks and also mirrored at various internet sites, so it cannot be spoofed by spooks.