-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ryan wrote:

Until there is evidence otherwise, I think 5-10 well-administered, professionally maintained remailers, run by reasonably well known organizations, with sufficient legal firepower to defend themselves,

But could they defend themselves from the inside? Quite a vulnerability. I'm sure any government agency out to compromise the system would be delighted to find all the constituent elements neatly-identified and run by "respectable" and "well-known" organizations. God, what more could they ask for. If the government put me in charge of subverting the remailer network, I think the first thing I'd do is round myself up a nice batch of friendly, respectable "professionals" with shiny impressive "professional" credentials (tailored exactly to match what "well-known organizations" are looking for) and infiltrate the hell out of every single organization running a node. Once I had my team of "trusted insiders" in place, I'd gather a small team of coders who do nothing but find new ways to subtly exploit information the insiders are funneling out to them. If your tradecraft is good enough and your cracks richerchi enough, there's no reason you couldn't keep this rotten setup going forever: the whole fucking network, compromised right down to the ground. Meanwhile, everyone on the outside is lulled into a false sense of complacency, because, after all, these 5-10 remailers are "well-administered and professionally maintained"-- surely we can trust these reasonably well-known organizations who have sufficient legal firepower to defend themselves, can't we?

running a codebase which is as reliable as a standard MTA, with best-efforts spam and abuse prevention, would provide a better service to users than 100 99% reliable remailers running on cablemodems which can be incapacitated by a single email to noc@home.net or blown power supply or whatever.

If your whole system relies on 10 publicly exposed targets, it's only natural to assume attackers will focus all their energy on picking them off one at a time. Not exactly what I'd call a good place to be. The trusted-insider compromise I outlined above would do the trick, though I'm sure it's only one of a million things to worry about. If, on the other hand, you had a remailer system which borrowed elements from peer-to-peer technology, there'd be no stopping it. I'm certainly not pretending to be qualified to go into what that might entail, but if it's a question of feeling safer for your Hydra having ten heads or a million heads, the direction to go from here seems fairly logical and clearcut. And putting the issue of determining who to trust back in the hands of the individual end user rather than forcing them to make choices among 10 seems like a good idea to me. Just a thought. ~Faustine. *** He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself. - --Thomas Paine -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version) iQA/AwUBPCOl0Pg5Tuca7bfvEQK/jACgx8dazqG5r6o9bkJrZLzdvNqApFMAoK+N 0jurhp2vE/Lao4vu71bOTWcE =mH3h -----END PGP SIGNATURE-----