From: frantz@netcom.com (Bill Frantz)
Date: Wed, 6 Mar 1996 09:27:53 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603052233.OAA26287@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:08 PM 3/5/96 -0800, Jim McCoy wrote:
>The point is not to make a system which is absolutely, positively, no
>doubt about it, secure against any attacker.  If cypherpunks could do
>this they would be working for defense contractors and others who make
>certified systems.  The objective is to make a system which is difficult
>to attack, one which costs the attacker time/money. ...

It seems to me that one of the best ways to better protect the remailer
system would be to regulary change the remailer keys.  By destroying the
old secret keys, you protect the remailer and its operator against rubber
hose attacks aimed at decrypting recorded traffic.

As a suggestion: Assume you change the keys every week.  You post this
week's key to a public keyserver, replacing last week's key.  To allow
continuous operation you remember both this week's and last week's secret
keys and process messages encrypted under either.  To validate these keys,
you use a long-term key to sign them.  Note that for the really paranoid,
this long-term key can be kept at a separate site, and only used after e.g.
voice verification of the new key's fingerprint.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA