At 1:08 PM 3/5/96 -0800, Jim McCoy wrote:
The point is not to make a system which is absolutely, positively, no doubt about it, secure against any attacker. If cypherpunks could do this they would be working for defense contractors and others who make certified systems. The objective is to make a system which is difficult to attack, one which costs the attacker time/money. ...
It seems to me that one of the best ways to better protect the remailer system would be to regulary change the remailer keys. By destroying the old secret keys, you protect the remailer and its operator against rubber hose attacks aimed at decrypting recorded traffic. As a suggestion: Assume you change the keys every week. You post this week's key to a public keyserver, replacing last week's key. To allow continuous operation you remember both this week's and last week's secret keys and process messages encrypted under either. To validate these keys, you use a long-term key to sign them. Note that for the really paranoid, this long-term key can be kept at a separate site, and only used after e.g. voice verification of the new key's fingerprint. Regards - Bill ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA