Remailers.

22 Dec 1992

      -----BEGIN PGP SIGNED MESSAGE-----

One problem with the current encrypted remailers that people should
be aware of is that, since they operate unattended, they have to be
able to decrypt messages automatically.

This means that when an incoming messages arrives, the remailing software
automatically runs PGP on the incoming message to do the decryption.
But to decrypt, PGP has to be given the pass phrase for the remailer's
secret key.  The only way this can be done is to have the pass phrase,
IN THE CLEAR, in the remailing software scripts.

The scripts are (or should be) protected using the Unix file system
so that only the owner and root can read them.  But it's important to
know that root has access both to the secret key ring which holds the
remailer's key, and to the pass phrase which will activate that key.
This means that, at any time, root can find out the secret key of the
remailer, and read all messages encrypted for that remailer.

I don't think there is any way around this problem if the remailer is
going to run unattended.  The only real solution is to operate on a
machine where it doesn't matter whether root knows the key; that is,
a machine where root is the operator of the mailing list.

Hal
74076.1041@compuserve.com

-----BEGIN PGP SIGNATURE-----
Version: 2.1

iQCVAgUBKzcZ0agTA69YIUw3AQEFhAQAlloC1eyaIuJDG91VzPoRv0MjzKlob8Te
C3N7XWLvszypOgKNBoEb1z8fF5ZsS20NhhRhtr7A3J4jxe88vGuea0Kvxzj4NGd4
bQeewhYk01ygoLzZOwv8BnN6pE7/uxk5POWq3XQuX80VQzistePfRRdNozTA09EY
4bBOr3s9Ig8=
=nJ/a
-----END PGP SIGNATURE-----

My public key, signed by PRZ:

Hal

tags

participants (1)