zombied ypherpunks (Re: Email Certification?)

[Ola Bini]

At 17:43 2005-04-29, you wrote:
>Eh...for email you may have a point, but I'm not 100% convinced. In other 
>words, say they want to monitor your email account. Do you really believe 
>they are going to tap all major nodes and then filter all the traffic just 
>to get your email? ...

Well, they could just tune in on Echelon, which really seems to be reality. 
There is no need for "infinite" resources to do such a thing.

>This is that whole, "The TLAs are infinitely powerful so you might as well 
>do nothing" philosophy. And even though I might be willing to concede that 
>they get all that traffic, one hand doesn't always talk to the other. 
>there may be smaller branches on fishing trips accessing your email if 
>they want. if one were able to monitor the email account for access, 
>you'll at least force your TLA phisher into going through proper internal 
>channels. He might actually get a "no", depending on the cost vs risk.

Here is the fundamental misunderstanding. Your email is no "account". There 
are no place where your account is stored. The only thing that exists is an 
endpoint, where you receive your mail. Before the mail reaches that point, 
its's just TCP-packets on the wire. If the listener is on a mail router, 
you could possibly see a trace of it in the message header, but it's 
possible to rewrite that stuff to, so the only way to KNOW if someone reads 
your mail is to analyze the potential readers behaviour based on the 
information in your mail.

/O