CNN.com on Remailers

Jim Choate ravage at EINSTEIN.ssz.com
Sat Dec 29 08:02:22 PST 2001 


On Sat, 29 Dec 2001, Bill Stewart wrote:

> > At 09:01 PM 12/17/2001 -0600, Jim Choate wrote:

> The only way to get security is for the originator to do the encryption -
> otherwise, if ANY remailer in the chain is compromised,

Actually this isn't the 'only' way. ALL (!!!) that is required to keep the
security of the email traffic is that it is source encrypted for the
destination; it's gibberish to all middle-men. What the remailer chain
does is break the causal connectivity, it provides plausible deniability.

Now, with respect to middle man routing, if each middle man routes to
another layer randomly then it addresses the exact issues of a 'turned'
remailer. In addition, with the current 'ad hoc' key management mechanism
getting intermediate keys isn't that hard (just pose as a remailer
operator and they'll gush into your keyring). A solution to this problem,
that you won't accept but 'oh well', is to create the network using 'small
world' approaches so that the remailers have a 'back channel' to
continously validate the 'reputation' of the next stage remailers (ie ala 
'igor') while at the same time not even knowing what other remailers out
there might exist in the 'remailer cloud' (and more importantly not
caring).

This approach has a couple of additional advantage; it doesn't require the
user to understand some hard to comprehend syntax for the remailers, and
it doesn't require the user to keep all this evidence around a priori to
their actual use of the remailer chain (ie they don't have to d/l a key
from anywhere mecessarily) - traffic analysis.

> the Bad Guys can read the message.

At no point can anyone other than the recipient 'read the message', unless
it was sent in the 'clear' in the first place (silly thing to do).

> If the originator does the crypto,
> then EVERY remailer in the chain has to be compromised to break it.

ROTFLMAO. ONLY(!!!) if the source didn't destination encrypt to begin
with. A critical step you seem to not quite 'get'.

[other 'stuff' deleted]


 --
    ____________________________________________________________________

             Day by day the Penguins are making me lose my mind.

                                             Bumper Sticker

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage at ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------

More information about the cypherpunks-legacy mailing list