CDR: Re: Anonymous Remailers cpunk

Bill Stewart bill.stewart at pobox.com
Mon Oct 16 09:46:37 PDT 2000


At 07:18 PM 10/13/00 -0500, Jim Choate wrote:
>Where's the key management mechanism to ensure the security of the traffic
>in the remailer network?

That's unfortunately a potentially serious problem given current practice.
Most remailer keys are unsigned, or at best self-signed, so the only
way to know if a key is the real one is to compare it with the first 
announcement of the remailer on the remailer-operators list -
which as far as I know isn't archived anywhere.  
*Sloppy* practice, and not hard to change if people wanted to.  
And some remailers occasionally change their keys,
either for periodic hygiene or because they lost a disk drive,
or at least there are announcements to the list claiming they have,
usually not even signed with the old key.

Of course, no Bad Guy would *ever* think of eavesdropping the
PGP.com or MIT keyservers to do traffic analysis on key requests.


				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
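
The key-continuity problem described in the message above, as an added example that is not part of the original post: pin a remailer's key from its first announcement, then accept a changed key only when the announcement verifies under the previously pinned key. The `PinStore` class, the verdict strings, the remailer name and the toy textbook-RSA keys (a stand-in for PGP signatures, not for real use) are all assumptions constructed for illustration.

```python
import hashlib

def make_key(a, b, e=65537):
    # Constructed toy textbook-RSA key from the Mersenne primes 2**a-1 and 2**b-1.
    # Stand-in for a PGP key pair: no padding, far too small for real use.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def fingerprint(pub):
    return hashlib.sha256(f"{pub['n']}:{pub['e']}".encode()).hexdigest()[:32]

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(pub, msg, sig):
    return sig is not None and pow(sig, pub["e"], pub["n"]) == _digest(msg, pub["n"])

class PinStore:
    """Hypothetical per-remailer key pins with a continuity rule for rotations."""
    def __init__(self):
        self.pins = {}

    def accept(self, name, new_pub, announcement=b"", sig=None):
        old = self.pins.get(name)
        if old is None:
            self.pins[name] = new_pub  # first announcement: trust on first use
            return "pinned-first-use"
        if fingerprint(old) == fingerprint(new_pub):
            return "unchanged"
        # Key changed: the announcement must name the new fingerprint and
        # verify under the key that is currently pinned (the old key).
        names_new = fingerprint(new_pub).encode() in announcement
        if names_new and verify(old, announcement, sig):
            self.pins[name] = new_pub
            return "rotated"
        return "rejected-no-old-key-signature"

def demo():
    old, new, other = make_key(89, 61), make_key(107, 127), make_key(31, 89)
    store, text = PinStore(), b"new key for remailer-a: "
    out = [store.accept("remailer-a", public(old))]
    fake = text + fingerprint(public(other)).encode()
    out.append(store.accept("remailer-a", public(other), fake))  # unsigned claim
    out.append(store.accept("remailer-a", public(other), fake, sign(other, fake)))  # self-signed
    real = text + fingerprint(public(new)).encode()
    out.append(store.accept("remailer-a", public(new), real, sign(old, real)))
    return out
```

The self-signed announcement is rejected for the same reason as the unsigned one: neither proves control of the key that was pinned first.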




