From: Nathan Zook <nzook@bga.com>
When I say that the Mark I remailers are laughably easy to crack, I mean laughably easy.
By whom? I am hearing a general denunciation of the current remailer system. These blanket denials are false on their face, because they are not true in every circumstance.
The only reason that our systems are actually able to do any good is
By anyone with the resources to snoop up- and down- stream of all the remailers. that
our threat model _is not_ an LEA--with government resources, and government patience.
_Our_ threat model?
There is not one threat model. Each person has their own threat model and their own desired level of security. An individual also desires more security for some messages than others. The current remailer network is good for some purposes and bad for others.
Every evaluation of security _must_ include the nature of the security desired, because there is no single concept called "security" which is the same in every situation.
Eric
Yes, but... The very act of going to the trouble of using these remailers means that you are dealing with someone powerful enough to read past forged From/From: lines. Does it take that much more to snoop these sites? My gut says no. Everybody harps chaining. Does snooping take more effort than compromising? I think it would be hard indeed to say so. So if we think Eve can compromise some remailers, and/or read past From/From: faking, we are, I believe, forced to believe that Eve can snoop all the remailers. Threat models need to be uniform in the power of the opponent. Nathan