CNN.com on Remailers
Tim May
tcmay at got.net
Tue Dec 11 22:27:34 PST 2001
On Tuesday, December 11, 2001, at 09:41 PM, Len Sassaman wrote:
> On Tue, 11 Dec 2001, Tim May wrote:
>
>> [The "prompted a bunch of programmers to rethink" comment has it all
>> backwards. Chained remailers were deployed in 1992. The theory was
>> known from Chaum's 1981 paper, and the flaws in the
>> Kremvax/Kleinpaste/Julf/Penet type of approach were widely known: this
>> was why chained remailers, in multiple jurisdictions, were deployed.
>> Hal Finney wrote the first code for this, building on the
>> Perl/Sendmail scripts Eric Hughes had already released.]
>
> The quoted portion is basically accurate (true to what I said), but I
> was
> talking about theoretical attacks at that point. I think I said
> something
> along the lines of:
>
> "The cypherpunks developed a system based on the ideas in Chaum's 1981
> paper. Penet-style remailers were potentially vulnerable to hackers and
> court orders, which in fact ended up being the downfall of
> anon.penet.fi.
> These problems prompted them to build better remailers."
>
> I had this post up my screen when I was talking to him:
> http://www.inet-
> one.com/cypherpunks/dir.1997.05.29-1997.06.04/msg00310.html
>
> Penet was *in operation* prior to Eric and Hal's chained remailers,
> right?
> If not, then that's my error.
The Kleinpaste/Julf anonymizing service had been in operation, widely,
since 1991-2, before Cypherpunks, yes.
The CNN article is enormously misleading in many areas. The suggestiong
that Lance Cottrell used the Julf experience to add nested encryption is
false. The URL you quote above is one of the most detailed histories of
remailers, even if I do say so myself. (Thanks for reminding me/us of
it.)
From your recollection of what you said to the reporter, it looks like
the misunderstanding came from his thinking that the actual Penet
failure was what triggered the modern remailer approach, when in fact
you meant "these problems" in the sense that Chaum and others (us)
realized the obvious limitations of "anonymity services."
And apparently the reporter then spun a story about how Lance Cottrell
then invented message nesting, etc., all after the Penet failure. This
is completely backwards. (It's not just the inaccuracy, or giving Lance
too much credit...it's also that it makes it look as if we missed
something so utterly obvious, that we were blindsided by the legal
attack. Not so. And Chaum knew this at least as far back as '81.)
In the big scheme of things, maybe no one who matters will read the CNN
article. But it is false history and should be refuted. If not refuted,
future historians who write about this interesting period may use it as
primary source material.
If it isn't apparent, I make these points to correct the record, not to
criticize Len, Lance, Julf, or anyone else. But as the URL above points
out, we were fully aware of the problems with Kleinpaste/Julf-style
services and knew they were neither interesting from our point of view
or a stable basis for what we were seeking to build.
--Tim May
"Gun Control: The theory that a woman found dead in an alley, raped and
strangled with her panty hose, is somehow morally superior to a woman
explaining to police how her attacker got that fatal bullet wound"
More information about the cypherpunks-legacy
mailing list