1994-09-21 - Re: On the crime bill and remailers

Header Data

From: Jim Hart <hart@chaos.bsu.edu>
To: cypherpunks@toad.com
Message Hash: c93d959b9a79bb712594358b3f7fbf1f91bbc000e339cd8343e3a5f77badebcb
Message ID: <199409211314.IAA25946@chaos.bsu.edu>
Reply To: <199409202320.SAA00228@omaha.omaha.com>
UTC Datetime: 1994-09-21 13:12:58 UTC
Raw Date: Wed, 21 Sep 94 06:12:58 PDT

Raw message

From: Jim Hart <hart@chaos.bsu.edu>
Date: Wed, 21 Sep 94 06:12:58 PDT
To: cypherpunks@toad.com
Subject: Re: On the crime bill and remailers
In-Reply-To: <199409202320.SAA00228@omaha.omaha.com>
Message-ID: <199409211314.IAA25946@chaos.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hal Finney assumes that cooperating attackers are monitoring each and 
every remailer site used by a well-constructed message (which I define 
as two or more jurisdictions, at least one private box, and nested encryption).
While ubiquitous wiretap is a good worst-case assumption to make 
when designing the remailers, the odds that all the remailers in such
a chain are being wiretapped are vanishingly small.  A post-hoc attack
of examining logs, like what the FBI is probably doing now for the RC4 
incident, is much more likely.   A wiretap attack would only become 
even remotely likely if there was a repeated pattern, for example 
regularly leaked trade secrets that appeared to come from the same 
originator.

Despite the possibility that the RC4 leaker used the predictable 
'premail', or perhaps didn't even use nested encryption at all, and 
that the leak was serious enough to make the front page of the Wall Street 
Journal, I'll lay even odds that the leaker is never found.  If
the leaker used a well-constructed message,  and doesn't try to 
repeat his coup, I set the odds at 1000:1 that we'll ever find him 
via remailer tracing.  This despite the fact that the current remailer
network falls well short of a wiretap-proof digital mix, as Hal
correctly notes.



Jim Hart
hart@chaos.bsu.edu



