From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 3 Feb 95 11:42:44 PST
To: cypherpunks@toad.com
Subject: Re: Compromising the first remailer
Message-ID: <ab58386301021004942b@[132.162.201.201]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:11 PM 02/03/95, rishab@dxm.ernet.in wrote:
>Actually any remailer, with NSA-modified operating software, can correlate the
>message it receives to the one it sends out, by keeping track of the message
>past any decryption until it's posted out. With rational use of garbage and
>chaining, all you do is stop the NSA from knowing your final destination from
>the first remailer, but they _would_ know the identity of the second remailer
>(assuming the first is compromised) and could try to attack the second, ad
>nauseum. Of course this was always known to be the problem, to which chaining
>and traffic analysis evasion are partial solutions.

Yes, but as long as _one_ remailer in your chain is not compromised by the
NSA, and if that one remailer has high enough traffic going through it and
does the proper things with reordering and latency and such (a big "if",
currently), you're still safe.

That turns out to be the whole purpose of chaining, since it has been shown
that it doesn't neccesarily make traffic analysis any harder.  The purpose
is to hope that at least one link on your chain is both honest and properly
working.  Yeah, if all the links on your chain are NSA-sponsored, your in
trouble.  Nothing that can be done about that.