Remailers-in-a-box
root
root at einstein.ssz.com
Sat Jan 21 06:51:24 PST 1995
>
> - The entry point of a remailer is entry at remail.org,
>
> - entry at remail.org has a forward file to: batch at remail.org
>
I would state this is a security breach. entry at remail.org should not
know anything about the second level re-mailers other than a method to
identify them as legitimate.
> - batch at remail.org does the actual remailing, since remail.org has
> installed some sort of MX'ing all messages that leave batch at remail.org
> will advertise themself as nobody at expendable.org .
>
The 'client' re-mailers should be the ones to initiate the call-up, not the
entry re-mailer. This way if the portal is compromised no information can
be gained such as the list of clients. The entry re-mailer should sit there
waiting for a call. When it gets one it goes through some kind of verification
process (akin to some comments I maid back in the summer relating to making
all the packets encrypted at all times).
> - If you "loose" expendable.org, you simple set up a new account with
> MX'ing, the remailer-users will only notice the change in exit-header,
> the enrty-point of that remailer is still entry at remail.org
>
If you make the entry point anonymous and have at least two of the entry points
slaved (sorta like collision avoidance on ethernet) then the entry point never
has to change. Also if one goes down the other takes up the slack. It might
also be possible to have it route over-flow packets from the main router to the
slave router when traffic maxes out.
The reality is that the main point of attack is going to be the incoming
since if you take that one (if it is a smalll and simple re-mailer network)
will bring the whole system to its knees.
Take care.
Take care.
More information about the cypherpunks-legacy
mailing list