Re: How do I know if its encrypted?
At 10:08 PM 1/11/95 -0800, Eric Hughes wrote:
... Seems to me that a quite reasonable condition of use of a remailer is that what is passed isn't human readable.
Perhaps I missed this, but why? If someone is going to plant kiddie porn or whatever on you, does it really matter if they encrypt it first or not? If the purpose is simply to generate additional encrypted traffic to obscure stuff that needs encryption, that goal might be better served by simply encrypting files for their recipient as they pass through, in those cases where a public key is available and the msg isn't already encrypted. I forget the name of the cypher (Vigere, perhaps--the one that uses a series of Caesar-like cyphers keyed by a password), but you could just run it through that with a password of abcdefghijklmnopqrstuvwxyz and you'd flatten out the distribution enough to get it by casual inspection. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com
In article <9501130137.AA03281@eri.erinet.com>, pstemari@erinet.com (Paul J. Ste. Marie) wrote:
At 10:08 PM 1/11/95 -0800, Eric Hughes wrote:
... Seems to me that a quite reasonable condition of use of a remailer is that what is passed isn't human readable.
Perhaps I missed this, but why? If someone is going to plant kiddie porn or whatever on you, does it really matter if they encrypt it first or not?
The goal is to convince the two groups of concerned parties that the remailer operators don't know the contents of what's passing through their remailers: (1) the people who use the remailer, who get a measure of comfort from knowing their communication is secure (2) legal groups etc. who may try to hold the remailer liable in some way for what passes through their remailer. A large percentage of material that passes through remailers might be offensive to SOMEONE---if even just because an unpopular opinion is expressed. The remailers are operated by people who want to promote information flow, not restrict it. They provide an important service that is of critical importance to some people and groups who use the net. They shouldn't be held accountable for the few who abuse the remailers, and encryption helps prevent that from happening.
From: lce@wwa.com (Larry E) The goal is to convince the two groups of concerned parties[, in short, users & lawyers,] that the remailer operators don't know the contents of what's passing through their remailers: This is exactly right. With a sealed box which you can't look in at all, this is easy. Providing an assurance on a general purpose computer is more difficult. And yes, it _is_ always possible to simulate a filter that's not a filter, blah, blah, blah. We are in the realm of social interactions here, not in the realm of technology. The remailers are operated by people who want to promote information flow, not restrict it. They provide an important service that is of critical importance to some people and groups who use the net. They shouldn't be held accountable for the few who abuse the remailers, and encryption helps prevent that from happening. I agree with this argument. It is the germ of discourse about the public policy of remailers and anonymity generally. I want to point out the rhetorical content of this statement, though, more than my agreement with it. The cypherpunks list is filled with paranoid nay-sayers who can't distinguish their own paranoia from a legitimate technological failing. I feel a dire need for a positive rhetoric of cryptography. I want to be 'for' something and to know what it's good for rather than to be against everything that doesn't meet my personal desires. How many times have I seen particular solution whose response is "But I want more, and this won't work for that"! The most self-deceptive say "It can't be done", the slightly more honest say "You can't do it", and none say "I will not do it". So now all you people who think that remailers don't work, don't run one. Good, I see most of you are already complying with this directive. Even the simplest remailer has utility. If there were no utility, then nobody would use them (duh). It is not only foolishness and idiocy but also mendaciousness to say that "remailers just don't work". It is constructive to say, however, that "the current remailers don't work against the following opponent", but this is not usually the case. Rather, the speaker's paranoia silently projects their own requirements onto a technical discussion, leaving only confusion. Look at the recent conversation over postage for remailers. Paraphrasing: "Credit cards won't work because they're not anonymous". My response: "Bullshit". Using a credit card as a means of payment does put constraints on usage, but it doesn't prevent usage (duh redux). What credit card payment does do is to require more effort in order to link email transactions. This is an unalloyed good, but pure silver instead of gold. There are better ways, one of them First Virtual, which at the least has counterparty anonymity; another, blind sigs (as yet unusable for payments). The implicit assumption here is that "If I can't use it to smash the state, it's worthless". Well, thank you very much for constraining my ability for privacy with your political agenda. And I have a hint for all the state-smashing wannabe-businesspeople out there: the ones who have a business (less secure) now will eat your lunch for the business (more secure) later. To be dry and academic about this, I'd say that the problem was an insufficiency in threat modelling. But that just doesn't quite mean the same thing, n'est ce pas? Eric
At 10:08 PM 1/11/95 -0800, Eric Hughes wrote:
... Seems to me that a quite reasonable condition of use of a remailer is that what is passed isn't human readable.
From: pstemari@erinet.com (Paul J. Ste. Marie) Perhaps I missed this, but why? If someone is going to plant kiddie porn or whatever on you, does it really matter if they encrypt it first or not? If you can't read it, it's not kiddie-porn *for you*, although it might be for someone with the key. Encryption fragments meaning subjectively. A magazine, for example, has a fixed center of meaning for all who can read the language. A magazine looks the same to all who look at it. An encrypted file looks different to those who have the key from those who do not. Encrypted data is fundamentally different from paper-and-ink data in this way. The metaphor of "planting it on somebody" does not apply to data that the "somebody" can't read. I forget the name of the cypher (Vigere, perhaps--the one that uses a series of Caesar-like cyphers keyed by a password), but you could just run it through that with a password of abcdefghijklmnopqrstuvwxyz and you'd flatten out the distribution enough to get it by casual inspection. Fine. It think that would suffice. If you can't easily read it, you can't be expected to have read it. The operator of a data service has _zero_ motivation to cryptanalyze something. If they happen to apply a viewer to the file (for whatever reason), they don't _want_ to see what's inside. Eric
participants (3)
-
eric@remailer.net -
lce@wwa.com -
pstemari@erinet.com