Traceable Infrastructure is as vulnerable as traceable messages.

Jim Choate ravage at einstein.ssz.com
Fri Aug 3 18:28:24 PDT 2001 


On Fri, 3 Aug 2001, Ray Dillinger wrote:

> Now look at the system, the infrastructure, that you need to 
> send that message anonymously. It relies on identifiable 
> remops existing at known addresses.  Known to the people sending 
> messages == known to the cops.

Not necessarily. Consider 'small world' networks. The only people who know
(necessarily) of a given remailer are the operator and his users. They
share a set of keys so traffic can be source encrypted. The remailer
operator shares a seperate set of infrastructure keys with some of the
remailer operators that they know (as distinct from the users of that same
remailer/operator). Consider that sender/receiver know each other and can
use yet a third encryption layer that is independent from the other two
(ie the target address does not have to be known to the initial remailer
operator though it will be in the header going to the first remailer. None
of the intermediate remailers need to ever decrypt that far until the TTL
reaches zero/one (depending on design taste).

Now couple this with Plan 9's ability to completely distribute both
process and file space and 'where' a remailer might be, or even 'who' is
running it become a rather sticky point since it doesn't necessarily run
on the 'operators' hardware.
 
> If the law wants to take this thing down, they will  not be 
> attacking the strongest point -- ie, trying to trace individual 
> messages. 

But the only place they can trace messages in a 'small world' model is at
source/destination link, which means they're already on top of you. If
they're out fishing all they'd see is a bunch of packets sent between
remailers with the body encrypted several layers deep with keys held by a
variety of people.

The beauty of the 'small world' model is it does away with the 'trust
transivity' issue completely. All the intermediate remailers can do is
drop a packet. Which will get recognized pretty quickly because of the
inherent secondary (ie personal interaction) network that sits behind the
remailer network itself.

> Instead, they will attack the weakest point -- trying to drive 
> remailer operators out of business and thus destroy the 
> infrastructure you need.

With Plan 9 that would require them to outlaw using a particular OS. Maybe
in a lot of places, but not in the US.

> That is the threat model I'm concerned 
> about, and given that network monitoring is now automatable and 
> cheap, it is entirely do-able.

If you stick with current paradigms.


 --
    ____________________________________________________________________

                Nature and Nature's laws lay hid in night:
                God said, "Let Tesla be", and all was light.

                                          B.A. Behrend

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage at ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------

More information about the cypherpunks-legacy mailing list