Frothing remailers and trust

17 Dec 2003

      -----BEGIN PGP SIGNED MESSAGE-----

kevin@elvis.wicat.com writes:
...
It strikes me as critical; right now, a user has to choose to trust a
set of remailers, given no assistance other than a list of "reliable"
ones. Given an extended web of trust between remailers, the user can
choose to trust one remailer (I have no idea how to make this process
more palatable) and immediately gain the security of a large web of
remailers (maybe you are right about that instant gratification
thing...)
For what it's worth, I'm a remailer operator and I don't know any of
the other operators well enough to say that I'm sure that they're
trustable with respect to preserving privacy. (no offense intended.) 
I do, for the most part, trust them to forward almost all messages
but my conclusion is based in large part on Raph's list. Absent that
list, I don't think I'd have enough information on delivery reliability
to comment about that either. This "web of trust" thing sounds nice but
I can't participate because I don't know the other people involved. I 
think other remailer operators may be in a similar situation.

Your scheme seems to conflate two tasks/roles I think are separable -
remailing messages and specifying a trustable path for messages to 
take. The latter requires more information than I have - but it is
information someone could gather. I think it'd be possible for someone
to perform "remailer audits", and then report their findings. Some
part of that report might be in the form of a "Anon-To:" chain,
or probabilites for creating your own chain of messages; or maybe
the auditor would serve as a first-hop-but-never-the-last remailer,
passing the message along to remailers it believes to be reliable and
trustworthy. Premail seems to be a step in this direction, but it
chooses hops on the basis of reliability, not reliability + privacy.

Greg Broiles

tags

participants (1)