-----BEGIN PGP SIGNED MESSAGE-----

Except one. What all of these agents have in common is that they interface with the Windows Sockets API to establish TCP streams that are used in the POP and SMTP protocols. Since these are well known and standardized protocols, this gives us our toehold.

How might an interposed winsock DLL recognize what high level protocol it was going to spoof? Getting the port number will be a very good approximation, but I'm not convinced of its reliability.

Well, it could be done "by definition." Let's say I tell my Eudora that the SMTP and POP address to use is 192.0.0.1. I can now configure my spoofing agent that when there is an attempt to establish a TCP stream on port 110 of 192.0.0.1, I can be assured that it is the mailer trying to retrieve mail. Likewise for mail delivery (and news, spoofing NNTP, though this is probably an order of magnitude more complicated than just mail.)

As to the general issue of MSWindows v. Unix, the Unix predominance for remailer software involves the fact that Unix is on the bulk of the machines connected to the Internet. It's more reliable for offering network services than MSWindows and it's got a cleaner architecture for reconfiguration. None of these explanations, however, means that there won't be more MSWindows that Unix boxes for a long time.

Of course. Unix was around long before DOS/Windows gained market dominance of the personal computing market. And for automated encryption on that platform, premail seems to do a great job (though there are some features I'd like to see added, Raph). The unfortunate thing I think is that Unix/X-Windows has never gained a foothold in the "consumer" market. - From a marketing perspective, if we are trying to "sell" strong crypto use to the "masses", then it is only prudent to assess where these types of products would be deployed. And the two platforms that will entirely make up the personal computing market will be DOS/Windows95 and to a lesser extent, OS/2 Warp. This was a subject brought up at the last Cypherpunks meeting (by Tim, I think.) For fifteen years we have had some pretty sophisticated theoretical models of strong cryptographic techniques. Some of these, such as PK encryption, have reached the "masses" in the form of PGP. Others, such as digital cash, have been mired in implementation issues. It is frustrating to read about and listen to lectures on advanced cryptographic subjects (such as all the great presentations at the last meeting), knowing that it may be years before this "theory" makes it into "practice." I will be happy when cryptography is as ubiquitous on a PC as screen savers. ======================================================================= Johnathan Corgan "Violence is the last refuge of the incompetent" jcorgan@netcom.com -Isaac Asimov PGP Public Key: http://www-swiss.ai.mit.edu/~bal/pks-toplev.html Or send email to: pgp-public-keys@pgp.ai.mit.edu Subj: GET jcorgan ======================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLu3ksU1Diok8GKihAQFyXwQApqXdcRfM7cV2EeRbrB6xMDXwJwWSFl5i 3gwTwDkZ8omK/9N+R9gLx4V6CcpPo7kku+GfUy7dkj4wDYtLTZ7m2sZ+mvg0FJNS 3LUSOKC911LpGj9m7uUcFKF+OsthO7WDz5Xtk5AMUTK26Uo0W4lOxBgOTrdiCdDx q3rYla9+ueU= =TL0Z -----END PGP SIGNATURE-----