On Tue, 4 Oct 1994, Frederic Halper wrote:
What's the status of the penet.fi remailer. Is it secure? Reuben
I personally don't care for the penet type remailers. Their only true virtue is to allow you to receive return mail to an anon-post. The trade-off is that this is done by a form of identity escrow. Julf (who runs penet.fi) has your e-mail address connected to the anonXXXXX identity that you get issued automatically. As far as reputations go, Julf has an excellent reputation in the C-punx community, and there is little likelihood of Finnish govt. officials giving in to US Govt. pressure to crack down on Julf to turn over his *little black book*. There was recently an attack on the penet.fi remailer that depended upon the ability to spoof the From: lines on messages, some unknown person sent hundreds of messages to the anon@penet.fi remailer pretending to be hundreds of other people and had those messages sent to alt.test or misc.test with some phrase about tunafish in the subject, causing this to be known as the *tunafish and spam sandwich attack*. What this did is allocate alot of new anonxxx numbers to people who didn't really want them, (also ultimately denying them the secure use of this service, because someone knew the anonxxx - TrueName correspondence), for those that already had an anonxxx and had set a password things were cool, the messages were just rejected. For those who had an anonxxx and had not set the password, this attack revealed the anonxxx corresponding to their TrueNames to the person who conducted the attack. Not a particularly secure form of identity escrow for the clueless-at-risk-of- identification to be using for posting their wildest homo-erotic fantasies to alt.H.E.A.T.fabio. I was allocated an anxxx I didn't want, and then assigned the password in order to deny the attacker any further use of the anxxx with my TrueName attached to it. C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick <cjl@welchlink.welch.jhu.edu> / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )