RE: a new way to do anonymity
At 8:51 PM 02/09/95, Wei Dai wrote:
It seems to me that if a user maintains a 24-hour a day pipe to an uncompromised server, then the method I described earlier against remailers should not work against that user. Otherwise, some kind of in-out statistical analysis may work.
Ay, what a good point. I know this connection is incredibly obvious, but just in case no one has yet made it, I will. A "pipe-net" host running Wei's L- modification to Matt's ESM, which was also running a remailer, would provide pretty much untraceable entrance to the remailer net. The remailer software wouldn't even need to be integrated with the pipe software in any way; as long as the user had a secure connection to the host, he could just connect to the SMTP port and send the message to the remailer that way.

I would guess that the attack Wei described, as well as almost every other, if not every other, traffic analysis attack would fail if users were utilizing this. You could trace the message to a given "pipe net" host using traffic analysis, but you wouldn't be able to trace it to a user, if he was using the pipe net appropriately. Obviously, this also requires a sufficient number of people to be using the pipe net host, so that no real information is gained just by tracing the connection to a given pipenet host. And of course non-pipe-net users are using the remailer on the machine too, which makes things a tiny bit more complicated for the traffic analysts.

Note also that the bandwidth could be kept extremely low. Even something like 10cps. So, maybe it takes you up to a couple hours to actually transit your message to the pipe-net host remailer, but we currently don't expect instantaneous remailernet transmission anyway. We've learned to live with latency on the order of hours, as opposed to seconds, so adding several more hours onto the chain isn't a problem. And with a bandwidth maintained that low, the pipenet host could theoretically host many, many "pipe net remailer" client users, without causing a serious problem.

This seems like a really exciting thing to me. That we already have the tools available for, right now at this very second, now that Wei has done the link encryption mod to ESM.
participants (1)
-
jrochkin@cs.oberlin.edu
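
The constant-rate pipe discussed in this message, as an added Python sketch that is not code from the post, from ESM, or from Wei Dai's modification. The cell layout (one length byte plus 10 payload bytes, one cell per second) and all names are assumptions made for illustration, and link encryption is not modelled: the observer is simply given what an encrypted link would leave visible, namely cell timing and size.

```python
from collections import deque

PAYLOAD = 10  # payload bytes per cell; one cell per tick (1 s) gives the 10 cps figure

class PipeSender:
    """Hypothetical client end of the pipe: sends one fixed-size cell every tick."""
    def __init__(self):
        self.queue = deque()               # message bytes waiting to go out

    def submit(self, message: bytes):
        self.queue.extend(message)

    def tick(self) -> bytes:
        # Take at most PAYLOAD real bytes; the rest of the cell is padding.
        n = min(len(self.queue), PAYLOAD)
        data = bytes(self.queue.popleft() for _ in range(n))
        return bytes([n]) + data + bytes(PAYLOAD - n)

def run(ticks: int, submissions: dict) -> list:
    """Drive the sender for `ticks` seconds; submissions maps tick -> message."""
    sender, cells = PipeSender(), []
    for t in range(ticks):
        if t in submissions:
            sender.submit(submissions[t])
        cells.append(sender.tick())
    return cells

def receive(cells) -> bytes:
    """Pipe-net host side: drop padding, keep the real bytes in order."""
    return b"".join(c[1:1 + c[0]] for c in cells)

def observer_view(cells) -> list:
    """What a wiretapper sees on an encrypted link: (tick, cell size) only."""
    return [(t, len(c)) for t, c in enumerate(cells)]

def ticks_to_drain(message_len: int) -> int:
    """Seconds needed to push a message of this size through the pipe."""
    return -(-message_len // PAYLOAD)      # ceiling division

if __name__ == "__main__":
    msg = b"constructed sample message for the remailer"  # constructed input
    idle, busy = run(30, {}), run(30, {5: msg})
    print("traces identical:", observer_view(idle) == observer_view(busy))
    print("host recovered:", receive(busy))
    print("72,000-byte message takes", ticks_to_drain(72000) / 3600, "hours")
```

The idle and busy runs produce the same observer trace, which is why in-out correlation against a user with an always-on pipe has nothing to work with; the cost is the drain time computed by `ticks_to_drain`.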