1994-08-11 - Re: RemailerNet

Header Data

From: jdd@aiki.demon.co.uk (Jim Dixon)
To: lcottrell@popmail.ucsd.edu
Message Hash: 7b5cfa80ccdf932308701363e0d64966c9e5b7c6aa5b8ae8f243fcde61831cc9
Message ID: <5193@aiki.demon.co.uk>
Reply To: N/A
UTC Datetime: 1994-08-11 15:52:58 UTC
Raw Date: Thu, 11 Aug 94 08:52:58 PDT

Raw message

From: jdd@aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:58 PDT
To: lcottrell@popmail.ucsd.edu
Subject: Re: RemailerNet
Message-ID: <5193@aiki.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


In message <199408110150.SAA15634@ucsd.edu> Lance Cottrell writes:
> 
> jdd@aiki.demon.co.uk writes:
> >Compiling a list of remailers, sure.  But if you let the user control
> >how messages are chained, you are inviting real traffic analysis.  The
> >user should only be able to specify his destination and the level of
> >security desired.
> 
> How do you arrange things so that the remailers choose the path, and
> that if the first remailer is actually a TLA the destination is not
> compromised. I see no means by which any remailer which is not ultimately 
> trusted (i.e. owned by me) can be allowed to choose the routing of the
> message packets.
> 
> Example: I ask for a five link chain. Link one is NSA controlled. The NSA then
>         chains the message through 4 more NSA remailers, and on the final 
>	  destination. The upshot is a total loss of secrecy.

Terms are being used loosely.  I was responding to a critique of RemailerNet
v0.1 (RN0.1).  In this systems messages are packetized and the packets
routed independently, with the packets reassembled into messages at the
'destination gateway'.	User control of packet-level routing would
weaken the system.  RN0.2 permits the user to nest messages and to direct
messages to gateways as destinations.  This means that messages may be
bounced around in the system, adding some additional security.	So the
user can control chaining/routing at the message level, but not at the
packet level.

--
Jim DIxon





Thread