From: eric@remailer.net (Eric Hughes) From: Nathan Zook <nzook@bga.com> I also believe that hacking PGP is a bad thing (tm), because it means that every time an upgrade comes out, it will need to be re-hacked, and once you start hacking, when do you stop? I agree. PGP just does not have the support for the encryption required for mixing remailers. These deficiencies have been known for about two years at this point and still nothing has happened. I expect this not to change anytime soon. That means that we have to replace PGP as the encryption module for remailers. The first thing to do is to design a data format which supports what the remailers need now, and nothing speculative. Since this data format has a single purpose, we can make new revisions more easily than for a general purpose package. Once we get a data format, implementations will follow. Eric As I've considered this problem, I've arrived at essentially the same conclusion. We need an RSA-IDEA package that does something very close to Mixmaster. The only caveat is that we _must_ retain compatibility between signature formats, even though, as I've suggested, a signature on a remailer's key might mean something different than a signature on an individual key. Nathan