CDR: Re: Anonymous Remailers cpunk
At 07:18 PM 10/13/00 -0500, Jim Choate wrote:
> Where's the key management mechanism to ensure the security of the traffic in the remailer network?

That's unfortunately a potentially serious problem given current practice. Most remailer keys are unsigned, or at best self-signed, so the only way to know if a key is the real one is to compare it with the first announcement of the remailer on the remailer-operators list - which as far as I know isn't archived anywhere. *Sloppy* practice, and not hard to change if people wanted to.

And some remailers occasionally change their keys, either for periodic hygiene or because they lost a disk drive, or at least there are announcements to the list claiming they have, usually not even signed with the old key.

Of course, no Bad Guy would *ever* think of eavesdropping the PGP.com or MIT keyservers to do traffic analysis on key requests.

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639