Risks of using usually-reliable information sources in your programs

Bill Stewart stewarts at ix.netcom.com
Sun Oct 5 19:34:00 PDT 1997 


I've been thinking about building remailers and cover-traffic generators,
and there's a need for a convenient up-to-date list of remailers.
Raph Levien's remailer pinging service is definitely convenient,
and even produces some of its output in perl for use by perl programs.
However, it's important to be really careful when depending on information 
like this, e.g. when building it into programs, because otherwise it's
easy to trick them into using bogus data, such as the crudely forged
article sent to Cypherpunks earlier today.  The natural implementation is
to pick the more reliable remailers based on "Raph"'s statistics,
so adding records for very reliable bogus remailers is a win.

The security would be improved if Raph signed the weekly file,
but that also requires people using the file to check it with PGP
and not just grep out the relevant lines for their programs' use.

>X-Sender: stewarts at popd.ix.netcom.com
>X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32)
>Date: Sun, 05 Oct 1997 18:06:56 -0700
>To: cypherpunks at toad.com
>From: Raph Levien <raph at CS.Berkeley.EDU>
>Subject: List of reliable remailers
>Sender: owner-cypherpunks at cyberpass.net
>Reply-To: Raph Levien <raph at CS.Berkeley.EDU>
>X-Loop: cypherpunks at cyberpass.net
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>ADVERTISEMENT: Proudly Sponsored by the Electronic Forgery Foundation, 
>http://www.eff.com
>ADVERTISEMENT: Digicash Software - Download Today!  http://www.digicrime.com
>
>   I operate a remailer pinging service which collects detailed
>information about remailer features and reliability.
....
>recovery remailer at biglouie.fbi.gov        ############     0:01  99.99%
>payswell remailer at digicrime.com           ############     0:01  99.99%
>trustme  trustme at trustme.nsa.mil          ************     0:59  99.99%
>mulder   mulder at juno.com                  #*#*##*#*#*#     0:57  99.98%


				Thanks!
					Bill
Bill Stewart, stewarts at ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

More information about the cypherpunks-legacy mailing list