On Mon, 17 Dec 2001, Trei, Peter wrote:
Typical Choate, missing the point.
Merry Christmas to you too.
A remailer simply gets sent a message, applies it's decryption key,
The same key it shares with everyone else (all users to anon_1 use the same key - bad!!! idea). Allows you to build up a big library of plain-cypher pairs, and if you send it to yourself you can attack their private key as well.
and sends the contents on to the next address (yes, this type of remailer does not include nice features such as cover traffic).
And it can't encrypt that outgoing traffic since it doesn't have the key to the destination (I assume the user must nest these themselves). This represents a lot of work for the initiator of a email, especially if they're in a 'sensitive' situation. Too big a 'signature' (the traffic analysis kind).
It has no idea if the address it received the message from is a remailer. It has no idea if the address it forwarded the message to is a remailer. It doesn't need to. Chaining is the sender's problem.
The sender having to know all the steps is a major threat to the standard remailer model. In fact it's one of the major shorcomings with the current approaches. The sender should at most be able to set the number of remailers, not which ones. That way there's on evidence sitting around on their machines (and you can posit throwing the keys away each time - but then you have to go out and get them again...and around and around we go). One of the primary points of any remailer technology should be to minimize the threat to the user. This model doesn't. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------