Frothing remailers and trust

Thu Feb 2 06:09:53 PST 1995

-----BEGIN PGP SIGNED MESSAGE-----

kevin at elvis.wicat.com writes:

> It strikes me as critical; right now, a user has to choose to trust a
> set of remailers, given no assistance other than a list of "reliable"
> ones. Given an extended web of trust between remailers, the user can
> choose to trust one remailer (I have no idea how to make this process
> more palatable) and immediately gain the security of a large web of
> remailers (maybe you are right about that instant gratification
> thing...)

For what it's worth, I'm a remailer operator and I don't know any of
the other operators well enough to say that I'm sure that they're
trustable with respect to preserving privacy. (no offense intended.) 
I do, for the most part, trust them to forward almost all messages
but my conclusion is based in large part on Raph's list. Absent that
list, I don't think I'd have enough information on delivery reliability
to comment about that either. This "web of trust" thing sounds nice but
I can't participate because I don't know the other people involved. I 
think other remailer operators may be in a similar situation.

Your scheme seems to conflate two tasks/roles I think are separable -
remailing messages and specifying a trustable path for messages to 
take. The latter requires more information than I have - but it is
information someone could gather. I think it'd be possible for someone
to perform "remailer audits", and then report their findings. Some
part of that report might be in the form of a "Anon-To:" chain,
or probabilites for creating your own chain of messages; or maybe
the auditor would serve as a first-hop-but-never-the-last remailer,
passing the message along to remailers it believes to be reliable and
trustworthy. Premail seems to be a step in this direction, but it
chooses hops on the basis of reliability, not reliability + privacy.