From: gtoal@an-teallach.com (Graham Toal)
Date: Fri, 20 May 94 11:31:32 PDT
To: m1tca00@newfed.frb.gov
Subject: Re: PGP 2.5--some questions.
Message-ID: <199405201830.TAA17866@an-teallach.com>
MIME-Version: 1.0
Content-Type: text/plain


: From: m1tca00@newfed.frb.gov (Thomas C. Allard)

: > > To respond to the sender of this message, send mail to
: > > remailer@soda.berkeley.edu, starting your message with
: > > the following 7 lines:
: > > ::
: > > Response-Key: ideaclipper
: > 
: > > ====Encrypted-Sender-Begin====
: > > MI@```$US^P;+]AB?X9TW6\8WR:>P&2'9,7.YM5[D5-D0)[3;\@M3L:625SRF
: > > E&M(.3FCF)SX,HK/F!CHPO!/>L.D#Z=4(++Q872W\KAK[:?GOT```
: > > ====Encrypted-Sender-End====
: > 
: > Thus the NSA just needs to crack the "soda" key in order to get hold
: > of a person who knows something about an ITAR infringement.
: > 
: > Is there a way to instruct a cypherpunk remailer to omit the last
: > seven lines?

: He most likely used a chain of remailers.  That's the REASON for
: the last seven lines (instead of a simple anonXXXX-type address.
: When you send those 7 lines to the soda remailer, it decrypts it
: and finds ANOTHER address to send it to.  It can do this as many
: times as you like.

When this feature was put in recently, in response to a suggestion of
mine (which I now regret because of...), I intended for each posting
to be encrypted with a different randomly-generated key, and for the
key to be deleted after being reused on reply.  Unfortunately Eric
chose not to implement it that way, and although he promised to cycle
the keys periodically, he seems not to have done so.  I agree with whoever
it was above that was in fear of the key being compromised - it *is* a
possibility, and that's why I wouldn't use that remailer, if I ever had
to use a remailer.

G