RE: CNN.com on Remailers
Jim Choate[SMTP:ravage@ssz.com]
On Mon, 17 Dec 2001, Trei, Peter wrote:
Yes, I have read the letter - they need to treat input from known remailers differently due to worries over spam and flooding attacks, so they treat
other known remailers as priviliged sources of high volume traffic.
If the sending node doesn't know about the destination node, how does it konw where to send the traffic (even if the sender provides the address)? The reality is that the remailers must 'know' of each other one way or another. Simply being part of a 'remailer network' (anonymous or not) tends to already put one in a 'conspiratorial' situation.
Truly robust remailers MUST be located in domains that protect speech and association with something similar to 'innocent until proven innocent'. That's the only defence against 'conspiracy'.
Typical Choate, missing the point. A remailer simply gets sent a message, applies it's decryption key, and sends the contents on to the next address (yes, this type of remailer does not include nice features such as cover traffic). It has no idea if the address it received the message from is a remailer. It has no idea if the address it forwarded the message to is a remailer. It doesn't need to. Chaining is the sender's problem. The point here is that the remailer treats other remailers exactly as it treats source and destination nodes. There is no file on the remailer which says "I'll treat hosts from this list specially". This prevents the remop from having to worry about being sucked into a conspiracy charge for a crime commited by a different remop. He doesn't know, need to know, or want to know what other sites are remailers. He doesn't need to know the other remops, or communicate with them, except to inform the world (not just remops) that 'there is a remailer here." Peter Trei ============================================================================ ================ This e-mail, its content and any files transmitted with it are intended solely for the addressee(s) and are PRIVILEGED and CONFIDENTIAL. Access by any other party is unauthorized without the express prior written permission of the sender. If you have received this e-mail in error you may not copy, disclose to any third party or use the contents, attachments or information in any way, Please delete all copies of the e-mail and the attachment(s), if any and notify the sender. Thank You. ============================================================================ ================
On Mon, 17 Dec 2001, Trei, Peter wrote:
Typical Choate, missing the point.
Merry Christmas to you too.
A remailer simply gets sent a message, applies it's decryption key,
The same key it shares with everyone else (all users to anon_1 use the same key - bad!!! idea). Allows you to build up a big library of plain-cypher pairs, and if you send it to yourself you can attack their private key as well.
and sends the contents on to the next address (yes, this type of remailer does not include nice features such as cover traffic).
And it can't encrypt that outgoing traffic since it doesn't have the key to the destination (I assume the user must nest these themselves). This represents a lot of work for the initiator of a email, especially if they're in a 'sensitive' situation. Too big a 'signature' (the traffic analysis kind).
It has no idea if the address it received the message from is a remailer. It has no idea if the address it forwarded the message to is a remailer. It doesn't need to. Chaining is the sender's problem.
The sender having to know all the steps is a major threat to the standard remailer model. In fact it's one of the major shorcomings with the current approaches. The sender should at most be able to set the number of remailers, not which ones. That way there's on evidence sitting around on their machines (and you can posit throwing the keys away each time - but then you have to go out and get them again...and around and around we go). One of the primary points of any remailer technology should be to minimize the threat to the user. This model doesn't. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
-- On 17 Dec 2001, at 21:01, Jim Choate wrote:
On Mon, 17 Dec 2001, Trei, Peter wrote:
Typical Choate, missing the point.
Merry Christmas to you too.
A remailer simply gets sent a message, applies it's decryption key,
The same key it shares with everyone else (all users to anon_1 use the same key - bad!!! idea).
You know nothing about encryption.
Allows you to build up a big library of plain-cypher pairs, and if you send it to yourself you can attack their private key as well.
No you cannot.
The sender having to know all the steps is a major threat to the standard remailer model.
You know nothing about remailers. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8RSVVHohMThQae7dkZnrZsELFbCgTRs3+Y/6UCT+ 4dY/aAa7Ke/htbQbZmQO+evUz7HxXS5CCHghCZhXn
participants (3)
-
jamesd@echeque.com -
Jim Choate -
Trei, Peter