.

Igor Chudov @ home ichudov at Algebra.COM
Fri Dec 4 17:52:15 PST 1998 


Anonymous wrote:
> 
> 
> 
> ...
> > A few rules of thumb result from even cursory examination
> > of the likely environment:
> > 
> ...
> > 5. Ultimately, the only way the remailers will provide
> >    what might be described as Pretty Good Security will
> >    be when we have software that maintains a regular
> >    or random rate of messages to and from the remailer
> >    cloud, a stream into which the meaningful messages
> >    can be inserted with no visible change in traffic.
> >    Until then, the best we can do is try to keep traffic
> >    levels up, and to send and receive frequently enough
> >    to frustrate end-to-end traffic analysis.
> 
> Well, the existing remailer net doesn't make "Pretty Good" anonymity very
> feasible. I'd think something based on the general idea behind Crowds.
> 
> (Furthermore, most remailer structures still can't erase some other security
> concerns --
>   1: remailers acutally can be hacked or physically compromised
>   2: clients really can be screwed
>   3: etc.
> 
> To help solve the first, you'd want a two-box setup doing remailing, with the
> security-critical stuff loaded on a box not directly connected to the Net with
> something 140-1ish to make tampering harder, a secure OS, etc. -- or, of
> course, you can scrap all that to get really big remailer count.

As long as you do not see the box and do not control its manufacture,
I see no reason why you should have ny more trust in it.

igor

> To help solve the second problem, there needs to be a better web-of-trust 
> setup -- that is, one which applies to code as well as keys. Those who wish to
> verify code get a .sig-verifying program from a trusted source then use a WoT
> to authenticate various facets of the program necessary for security.
> 
> A solution to the third problem is expected RSN.)
> 
> > 
> > 6. Don't send anything that can have grave consequences.
> 
> Remember the consequences to an adversary who uses its secret decoder ring,
> though: the more plausible it becomes that a certain source is being used for
> intelligence-gathering, the more likely it is that that source will promptly
> begin to run dry as the spied-upon realize that Something Got Broke.  My
> advice, however, agrees with that of the other Anonymous. That is, unless
> you've really thought things out, think of an remailed message as merely
> .sigless, not anonymous.
> 
> > 
> > 7. Take names. Always take names. Some day...
> > 
> > FUDBusterMonger
> > 
> > It Ain't FUD til I SAY it's FUD!
> 



	- Igor.

More information about the cypherpunks-legacy mailing list