In article <m0rSFsb-000kfuC@mill2.millcomm.com>, Mark Oeltjenbruns <marko@millcomm.com> wrote:
I keep seeing the idea that to keep out of trouble remailers and Data Havens should require that data be encrypted before it is accecpted. My question is how do I know it is encrypted? If I say that anyone sending me data to be massaged by my system must first encrypt it, how do I know they are in fact complying with that request? After all this is the area for the paranoid's to hang out in.
I see some possible options. Most don't seem to workable. I could ...
[...]
(2) Force them to pgp it, but that could be defeated by having enough of a pgp sig. that my system is fooled. Not to mention they must use *MY* idea of what good encryption is. After all I could say you must use my encryption software that has a backdoor I know of, i.e. clipper, or that costs money and can only be bought from me. This last point would be one way of making sure you made some money, but does seem impractial.
You're being contradictory here. First you say that you have no way of reliably knowing if it's PGP encrypted, then you say it forces them to use a certain type of encryption. Well, if they can fool your system, they aren't forced to use it! But that's not really my point. I think this method is very valid and could be used in the Real World (well, on the net, at least). Let's say you require everyone to use PGP. Well, if I don't trust PGP but I trust SpamCrypt, there is nothing stopping me from encrypting my data with SpamCrypt and THEN PGP and sending it off to your haven. You see the data is PGP-encrypted, you don't have the PGP key to decrypt it so you can't be accused of having the ability to look at my data, and - correct me if I'm wrong here - unless there's some specific mathematical relation between PGP and SpamCrypt, my encryption is as good as the STRONGEST layer. In fact, as you suggest, this is a good way to implement a pay-per-use haven. All you have to do is only let people use your proprietary data format. You can either sell just the program (a one-time fee, like selling accounts on your haven), or sell single-use keys. Single-use keys are not only a type of one-time pad (again, I may be wrong there), but can be presold in arbitrary lots so companies can buy many keys from you and resell them.
(5) Only acecpt data from a remailer or other service that would be guranteed to be encrypted. This seems like it would lead to a 'good ole boy' network that could exclude service providers it doesn't like. etc. etc.
I don't see the problem with this. You will end up with two types of havens - those that will accept data from a remailer anyone can use (or from a remailer that will accept data from one somewhere down the line) and those that won't. The former are free for anyone to use, and the latter aren't. Sound like the difference between moderated and unmoderated newsgroups? And I don't hear anyone on cypherpunks bitching about the evil of moderated newsgroups. What would be wrong with setting up a haven just for you and your friends? Or anyone but Detweiler? Or anyone but me? Waiting to be called from some mistake, -Spam -- -- Spam is: Steve Marting <spam@telerama.lm.com> My homepage Beer status: Pilsener bottled and aging