
Anonymous wrote:
A scenario:
1) The spooks put a bug (named Eve) on the link between kiwi.cs.berkeley.edu and the Internet.
Whenever kiwi.cs.berkeley.edu sends out the pubring.pgp Eve intercepts it and replaces it with a file of the spooks' choosing. This file will selectively replace the public pgp keys of some of the remailers (say exon) in pubring.pgp with keys to which the spooks know the private key.
2) A similar bug is put on the link between the exon remailer and the internet. All email to exon is intercepted, and if found to be encrypted with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's real PGP key and sent on.
It is only a scenario. I am still using premail to send this.
A good scenario. A truly paranoid premail user should verify who signed the remailer keys. If you trust the signators and they signed the keys, you are "safe". Just do pgp -kvv some@remailer.com and see what comes up. Maybe remailer operators should ask someone reputable to sign their remailers' keys so that the users can easily verify the signatures.
- Igor.
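
The signature check suggested in the reply above, automated as an added example that is not part of the original thread: it flags keys in a keyring listing that carry no verified signature from a signer the user already trusts. It assumes GnuPG's `--with-colons --check-sigs` record format rather than the `pgp -kvv` output named in the post; the key IDs, addresses and listing are constructed.

```python
# Added example: find keys that no trusted signer has certified.
# Record layout (GnuPG colon format): field 1 = record type, field 2 = check
# result on "sig" lines, field 5 = long key ID, field 10 = user ID.

# Constructed key ID. It must be verified out of band: in the scenario above
# the interceptor controls every byte of the downloaded keyring.
TRUSTED_SIGNERS = {"AAAAAAAAAAAAAAAA"}

# Constructed, simplified listing. The first key has only a self-signature,
# which is all a substituted key can offer; the second is certified.
SAMPLE = """\
pub:-:1024:1:1111111111111111:799372800:::-:::scESC:
uid:-::::799372800::::remailer@exon.example:
sig:!::1:1111111111111111:799372800::::remailer@exon.example:13x:
pub:-:1024:1:2222222222222222:799372800:::-:::scESC:
uid:-::::799372800::::remailer@other.example:
sig:!::1:2222222222222222:799372800::::remailer@other.example:13x:
sig:!::1:AAAAAAAAAAAAAAAA:799372800::::Trusted Signer:10x:
sig:?::1:BBBBBBBBBBBBBBBB:799372800::::[User ID not found]:10x:
"""

def audit(listing, trusted):
    """Map each public key ID to its user ID and the trusted signers vouching for it."""
    keys, current, current_id = {}, None, None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":
            current_id = f[4]
            current = keys.setdefault(current_id, {"uid": "", "vouched_by": set()})
        elif current is None:
            continue
        elif f[0] == "uid" and not current["uid"]:
            current["uid"] = f[9]
        elif f[0] == "sig":
            # Only "!" means the signature was verified. "?" (signer's key
            # missing), "-" (bad) and "%" (error) prove nothing. A
            # self-signature proves nothing about who holds the key either.
            if f[1] == "!" and f[4] != current_id and f[4] in trusted:
                current["vouched_by"].add(f[4])
    return keys

def unvouched(listing, trusted):
    """Key IDs with no verified signature from any trusted signer."""
    return sorted(k for k, v in audit(listing, trusted).items() if not v["vouched_by"])

if __name__ == "__main__":
    for key_id in unvouched(SAMPLE, TRUSTED_SIGNERS):
        print("no trusted signature:", key_id, audit(SAMPLE, TRUSTED_SIGNERS)[key_id]["uid"])
```
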