From: Liz Taylor <liz@nym.alias.net>
Date: Thu, 2 Jan 1997 01:26:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
In-Reply-To: <199612310718.BAA02863@manifold.algebra.com>
Message-ID: <19970102092611.13841.qmail@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


rcgraves@disposable.com (Rich Graves) wrote:
> Big Moma wrote:
> > 
> > ichudov@algebra.com (Igor Chudov @ home) wrote:[...]
> > > Maybe remailer operators should asks someone reputable to sign their
> > > remailers' keys so that the users can easily verify the signatures.
> > 
> >         Yes, that is one part of it. Another part is that Raph should
> > include a public PGP key in the premail program and then sign both the
> > remailer-list and the pubring at kiwi.cs.berkeley.edu with it.
> 
> Those resources are automatically generated by programs running on a 
> machine of unverified security on the Internet. A PGP signature doesn't 
> mean much in such a situation.

	Agreed. Considering that the remailer chains were designed to
withstand such sofisticated attacks as traffic analysis, it is too bad
the tool which most people probably use to access the remailers is
vulnerable to a simple spoofing attack such as this.

	I just realized that the spooks do not really need multiple
Mallories. If they want to wiretap a particular person, a Mallory on his/her
Internet link is all that is needed. This Mallory can spoof both the incoming
pubring.pgp and the outgoing encrypted mail.

	I suggest that if the `cypherpunks write code' motto has still
any value, we discuss ways to eliminate this vulnerability from premail.
Maybe we should take the discussion to cryptography, or coderpunks,
or even premail-dev?