1995-02-02 - Re: Frothing remailers - an immodest proposal

Header Data

From: kevin@elvis.wicat.com
To: cypherpunks@toad.com
Message Hash: bb0a9ce0a7091ecc9681b9dee02a32a07855195bbc757ba6716597f9fb3b40bb
Message ID: <9502020118.AA01956@toad.com>
Reply To: N/A
UTC Datetime: 1995-02-02 01:18:11 UTC
Raw Date: Wed, 1 Feb 95 17:18:11 PST

Raw message

From: kevin@elvis.wicat.com
Date: Wed, 1 Feb 95 17:18:11 PST
To: cypherpunks@toad.com
Subject: Re: Frothing remailers - an immodest proposal
Message-ID: <9502020118.AA01956@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[deletia]

>Now, dynamic rerouting is good for better delivery, but is bad for the
>trust in silence.  Trust in externally unverifiable properties is
>_not_ transferrable.  Just because I believe that my regular remailer
>is OK does not mean you do.  The creation of these links of trust is
>not something that can be automated solely by the remailer operators.
>The end users of the remailers are the endpoints of this trust
>relationship.  The end users must be involved, either directly or
>through some (legal) agent, in the manipulation of these relationships.

First, I must admit to being somewhat out of my depth here; this seems
to be becoming a philosophical problem. With that shameful admission out
of the way, let me bull ahead regardless.

It seems to me that I can choose to trust in the fact that *your* trust
in other remailers is well founded. This then becomes a third category
of trust for a given remailer: trust that it will deliver (verifiable);
trust that it will be silent (unverifiable); and trust that its
operator has good judgement in choosing who to trust (unverifiable).
These latter two are, and should be, the end users responsibility.

Now, as I have mentioned in an earlier message (I'm being far too
verbose today) I am proposing that dynamic routing be optional, though
the default behavior, for reasons mentioned there. Thus, if I, as user,
choose to allow dynamic routing (through omission - I must admit, I am
becoming less fond of the notion of this as default behavior - it begins
to smack of the heresy of "implied consent") I am expressing the third
flavor of trust, just as by using the remailer at all, I am expressing
the second variety.

Of course, I still have to trust that a remailer will honor my routing
requests. However, I believe this falls fair and square into the second
category (trust in silence)

>Any solution which tries to do this independent of the end user is
>broken, by definition.

--
    Kevin

    ( I have no joke here, I just like saying "I trust a remailer if
      it is trusted by an entity I trust to trust remailers".)






Thread