No Subject

remail at desert.xs4all.nl remail at desert.xs4all.nl
Wed Feb 1 19:08:30 PST 1995 

##
Subject: Re: Frothing remailers - an immodest proposal
In-reply-to: <199502010520.VAA04884 at largo.remailer.net> (eric at remailer.net)

> Date: Tue, 31 Jan 1995 21:20:28 -0800
> From: eric at remailer.net (Eric Hughes)
> 
>    In article <9501312152.AA10208 at toad.com>,  <kevin at elvis.wicat.com> wrote:
>    >It seems to me that the current remailer web suffers a fundamental flaw.
>    >It is simply too static.
> 
> Now, dynamic rerouting is good for better delivery, but is bad for the
> trust in silence. [...] The end users must be involved, either directly or
> through some (legal) agent, in the manipulation of these relationships.
> 
> Any solution which tries to do this independent of the end user is
> broken, by definition.
> 
> Eric

  Well, pgp support multiple recipients of messages.  Supose that the
remailers would choose at random only one of the addresses the user
(or their client program) requested in a header line like:

Request-ND-Remailing-To: RM1 at a.b.c, RM2 at c.d.e, RM3 at e.f.g

and try to deliver.  If the mail fails right away, then it tries
another address.  Etc.

  The very paranoid user would avoid this feature, and stick with the
old fashioned system.  The paranoid would list two remailers, and
encrypt the folowing message to both of them, and probably add a few
more levels to the chain, just to be sure.  The compleatly trusting
would only have two levels of remailing, but which listed every
remailer as a posible recipient of the message they send to the first
in the chain.

  In this way we get better reliability, but still have user control
over selecting the remailers.  In fact, the user can select arbitrary
message reliability, and remailer trust parameters, and should be able
to come up with a set of nd-hops to meet the parameters.

  Hey Wei, Hal: What is the cost of this in terms of likelyhood that
the whole path of remailers actually selected is compromised?  Is this
about right?  If 50% of the remailers are run by the enemy, then with
only one remailer listed in each hop, the odds of the path being
compromised is (.5)^h (where h is number of hops).  The odds of
successfull delivery are .90^h (asuming every remailer is 90% up).  If
at each step there were two remailers, and the evil remailers always
selected other co-operating evil remailers, then the odds of the path
being compromized is larger at ((1-.5^2)==.75)^(h).  But the odds of
sucessfull delivery are much better, (1-((1-.90)^2)==.99)^(h).  To
keep the same chance of the path being compromised, the user would
need to have 'x' times more hops where x is such that (.75)^x == .5,
or about 2.4 times as many.

  Hmmm...

  Noyb

More information about the cypherpunks-legacy mailing list