In message <199408110150.SAA15634@ucsd.edu> Lance Cottrell writes:
jdd@aiki.demon.co.uk writes:
Compiling a list of remailers, sure. But if you let the user control how messages are chained, you are inviting real traffic analysis. The user should only be able to specify his destination and the level of security desired.
How do you arrange things so that the remailers choose the path, and that if the first remailer is actually a TLA the destination is not compromised. I see no means by which any remailer which is not ultimately trusted (i.e. owned by me) can be allowed to choose the routing of the message packets.
Example: I ask for a five link chain. Link one is NSA controlled. The NSA then chains the message through 4 more NSA remailers, and on the final destination. The upshot is a total loss of secrecy.
Terms are being used loosely. I was responding to a critique of RemailerNet v0.1 (RN0.1). In this systems messages are packetized and the packets routed independently, with the packets reassembled into messages at the 'destination gateway'. User control of packet-level routing would weaken the system. RN0.2 permits the user to nest messages and to direct messages to gateways as destinations. This means that messages may be bounced around in the system, adding some additional security. So the user can control chaining/routing at the message level, but not at the packet level. -- Jim DIxon
participants (1)
-
jdd@aiki.demon.co.uk