In message <2e452e79.nemesis@nemesis.wimsey.com> Stuart Smith writes:
In article <4068@aiki.demon.co.uk> you write:
If you modify the proposed RemailerNet to allow reposting at gateways, you have all of the benefits of the system described above, without the risks. Reposted messages would be encrypted with the far gateway's public key. The near gateway would then have no idea of the ultimate destination of the message. In a well designed system, the far gateway would also not know the identity of the sender.
But how could we do this if we followed your advice, and did not allow the user to select their own chain, as you said previously?
I have assimilated criticisms made and modified the proposal.
By making users *trust* the remailnet as an entity, you make it possible for that entity to be compromised.
(a) I don't force the users to trust RemailerNet as a single entity, (b) how does their trust make it possible for the entity to be compromised?? It is not possible to guarantee that some or all components of a remailer network are not compromised. You can only take steps which reduce the probability.
If the remailernet is not one entity, but a large group of independent entities, compromise is *much* harder.
It is NOT one entity, is IS a large group of independant (but cooperating) entities.
Any traffic sent through this remailer network would have only a tiny chance of getting through without being compromised. If you picked 5 remailers, the chances of all being non-FBI would be about .2^5, 3 in 10,000. The other 9,997 messages would be copied immediately to Langley.
The proposed RemailerNet could be attacked in much the same way. But if the network were widely distributed so that gateways were in different legal jurisdictions and different countries, and if most of the people involved knew one another, it would be more difficult to compromise it.
But if the user does not know the people in the remailnet, how can he or she trust *them*?
In most cases, you do not want the person operating a remailer to know you personally. Ideally, you know them, because they have a widespread reputation (eg, julf@penet.fi). But they do not know you. As a practical matter, the fewer remailers there are, the more likely they are to have an accurate reputation, because more people will have had experience with them.
It's fine and dandy that the remailnet operators trust each other, but the point is to give the end user anonymity, not to form an old boys club of remail operators. If they all know each other, I do *not* think that makes the system more secure, I think it makes it weak.
People have been building systems like this, that involve webs of trust, for millenia. Banks are such institutions. While it is true that familiarity between trusted individuals makes for collusion, it also makes for knowledge. Most people use banks. Few banks are corrupt. A cruder example is the dope dealer. The police regularly attempt to compromise them. Anyone buying dope learns to (a) be skeptical about all dope dealers but also (b) find one that he can trust and stick with him. Dope dealers apply the same sort of heuristic to their suppliers. They ask around all the time, they listen to gossip, they talk to their peers.
As is often stated, a mix-net like this should still be secure if some of the remailers are compromised, so could we speculate on just how easy or hard traffic analysis is with any given percentage of a remailnet compromised? i.e. if we took it as a fact of life that 90% of any announced remailers were spook-mills, could we still trust the remailnet if we used *long* chains in the hope that our messages would pass often enough through *good* remailers to confuse the trail?
RemailerNet v0.2 allows "empowered users" to participate as equals with established RemailerNet operators. This means that the gateway that they are connected to has no way of knowing whether they are originating any traffic, let alone who that traffic is addressed to. The gateway will know that the user is receiving traffic, but it will not know whether that traffic is intended for the user or whether the user is simply acting as a reflector. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Therefore, two users could communicate through a RemailerNet network with ALL nodes [gateways] compromised, and still be secure against most forms of attack. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Jim Dixon [sorry about the delay in answering this posting. It is dated 7 Aug but I received it 10 Aug]