Who bought off Zimmermann?

Sampo Syreeni decoy at iki.fi
Fri Aug 30 21:26:54 PDT 2013


On 2013-08-30, Jon Callas wrote:

> The crypto is the easy part. The hard part is the traffic analysis, of 
> which the worst part is the Received headers.

So, how would one go about a gateway which strips all of it on the way 
into/out of an onion router, without jeopardizing that basic 
functionality which can at all survive after anonymization?

At least to me it would seem that you can't adopt a firewall mindset 
where you just blacklist/shave-off certain features and options. If you 
want to be certain, you'll have to have an exacting parser which only 
accepts as an input language something "clean". Probably on the pain of 
rejecting a whole lot of otherwise common or even valid emails and such.

Has anybody tried to write a truly anal parser/normaliser/rejecter to 
date?

> There are plenty of other leaks like Message-ID, Mime-Version, 
> X-Mailer, the actual separators in MIME part breaks, and so on.

All except Message-ID can be dropped without jeopardizing service. 
Message-ID, well, that's just such a basic part of the service that 
you'd have to go with zero knowledge proofs in a funky and expensive way 
if you wanted to get rid of that one.

> It's absolutely correct that some combination of VPNs, Tor, remailers 
> of whatever stripe, and so on can help with this, but we're all lazy 
> and we don't do it all the time.

We need them *too*. Doesn't mean we shouldn't sanitise our outgoing (and 
incoming, because of replies) email all the same. Automatically. With 
minimum hassle. On as many platforms as needed.

> What we're learning from Snowden is that they're doing traffic 
> analysis -- analyzing movements, social graphs, and so on and so 
> forth.

True Names. They're now there. So let's deal with the problem.

> The problem isn't the crypto, it's SMTP.

Yes, SMTP is the basest problem. It's difficult to get around envelope 
addresses in the clear and all that. But above you talked about 
something within the protocol which *can* be sanitised. Let's do that, 
programmatically, at least, and right now. After that, it's suddenly 
*much* easier to deal with the address on the envelope.
-- 
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
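
The strict parser/normaliser/rejecter asked about above, written here as an added example that is not part of the original post or of any existing tool: it accepts only single-part, unencoded, printable-ASCII text/plain mail, rejects any header outside a fixed allowlist rather than blacklisting known leaks, and re-emits the message in one canonical form. The allowlist, the Message-ID pattern and the rewrite of Date to UTC (which goes beyond the headers named in the thread) are assumed policy choices.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import format_datetime, parsedate_to_datetime

# Assumed policy: the only headers ever emitted, always in this order.
ALLOWED = ("From", "To", "Subject", "Date", "Message-ID", "In-Reply-To", "References")
REQUIRED = {"From", "To", "Date", "Message-ID"}
DROPPED = {"received", "mime-version", "x-mailer",          # dropped silently; the
           "content-type", "content-transfer-encoding"}     # Content-* pair is checked first
CANON = {h.lower(): h for h in ALLOWED}
MSGID = re.compile(r"<[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,255}>")   # assumed strict form
CLEAN = re.compile(r"[\x20-\x7e\t]*")                       # printable ASCII and tab only

class Rejected(ValueError):
    """The input is outside the accepted 'clean' language."""

def sanitise(raw: str) -> str:
    msg = message_from_string(raw)
    cte = msg.get("Content-Transfer-Encoding", "7bit").strip().lower()
    plain = msg.get_content_type() == "text/plain" and cte == "7bit"
    if msg.defects or msg.is_multipart() or not plain:
        raise Rejected("only well-formed, unencoded, single-part text/plain")
    out = {}
    for name, value in msg.items():
        key, value = name.lower(), " ".join(str(value).split())  # unfold, collapse spaces
        if key in DROPPED:
            continue
        if key not in CANON or CANON[key] in out or not CLEAN.fullmatch(value):
            raise Rejected(f"unknown, repeated or unclean header: {name}")
        out[CANON[key]] = value
    if REQUIRED - out.keys() or not MSGID.fullmatch(out["Message-ID"]):
        raise Rejected("missing required header or malformed Message-ID")
    try:
        when = parsedate_to_datetime(out["Date"])
        if when.tzinfo is None:
            raise ValueError("no usable UTC offset")
    except (TypeError, ValueError):
        raise Rejected("unparseable Date") from None
    out["Date"] = format_datetime(when.astimezone(timezone.utc), usegmt=True)  # hide sender's zone
    body = [line.rstrip() for line in msg.get_payload().splitlines()]
    if not all(CLEAN.fullmatch(line) for line in body):
        raise Rejected("body is not plain printable ASCII")
    head = [f"{h}: {out[h]}" for h in ALLOWED if h in out]      # fixed order and spelling
    return "\r\n".join(head + [""] + body) + "\r\n"

SAMPLE = ("Received: from laptop.example by mx.example; Fri, 30 Aug 2013 21:26:50 -0700\r\n"
          "X-Mailer: ExampleMail 1.0\r\nMIME-Version: 1.0\r\nmessage-id: <abc123@mail.example>\r\n"
          "Date: Fri, 30 Aug 2013 21:26:54 -0700\r\nTo: bob@example.org\r\n"
          "From: alice@example.org\r\nSubject: hello\r\n\r\nhi there  \r\n")  # constructed sample
```

Calling `sanitise(SAMPLE)` returns the five surviving headers in canonical order with the Date in GMT; any header outside the allowlist raises `Rejected` instead of being passed through.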


