CDR: Re: Re: -C-P- Re: would it be so much to ask..

[Tim May]

At 9:36 AM -0400 9/20/00, Asymmetric wrote:
>
>I do understand how both types work, however, the opportunity for 
>subterfuge is always present. I was making a point that the assumed 
>security of a remailer should not factor in if you intend to put 
>yourself at risk.  Assumptions are dangerous all over the place, and 
>if your assumption could get you into trouble, it's better to verify 
>it or not instead of just proceeding blindly, if at all possible.

And yet you have repeatedly blathered on about how "forging headers" 
is a good alternative to anonymous remailers. Your explanations 
indicate you just haven't grokked the level of misdirection and 
untraceability behind the use of N nested remailers, encrypted at 
each stage.
>
>What is the outrageous claim?  That someone could purposely set up 
>an insecure remailer, claim that it's secure, and that people could 
>then unwittingly use it to incriminate themselves?

There has never been any doubt that some particular remailer may be 
logging and correlating: this is why N remailers are recommended, 
with the heuristics we've been discussing here since 1992. (For 
example: encrypt at every state, a la Mixmaster-type remailers, 
include one's _own_ remailer in the chain, loop multiple times, etc.)

You keep tossing about the "insecure remailer" claim, seemingly not 
knowing the implications of N-chained remailing. Hint: there is 
essentially nothing a particular remailer can do to such a chained 
message except see where he's being asked to send it and correlate 
this with where it came from. He can't see inside the packet (for 
obvious reasons), he can't alter the packet (because then later 
decryptions fail and the packet gets dumped), and he can't even 
change the remailer he is supposed to deliver to. All he can do is 
correlate, which is, of course, bad. Hence the role of multiple hops.

Still a far cry ahead of your oft-mentioned "mail header forgery" 
alleged solution.
>
>It comes down to a simple bit of confusion on my part.  I cannot 
>understand the mentality of someone who has the time and resources 
>to effectively combat the spam on this list, and yet who does not 
>have the time or resource to either respond in a somewhat civil 
>fashion, or to just delete the message along with the rest of the 
>refuse.
>
>You seemed to be a bit more level headed, so while I still totally 
>disagree that it's a waste of time to try and figure a way around 
>this problem, I haven't utterly lost respect for you as I have with 
>Tim.  "Pillar of the community" or not, the guy is an utter asshole.

"Somewhat civil fashion" and "a bit more level headed."

You're also a pompous ass. At least you called me "Tim." Most pompous 
asses here fall into the pseudo-Brit mode of calling me "Mr. May" 
when they are being pompous.

As for your comment that you have never used an anonymous remailer, I 
had already concluded as much.


--Tim May
-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.