From: cjl <cjl@welchlink.welch.jhu.edu>
To: Frederic Halper <fhalper@pilot.njin.net>
Message Hash: 20f2b9f9ad3448717dbc852dbcf8200d969c1e86fd2aa24293242ffb8335a68d
Message ID: <Pine.3.89.9410041953.A17663-0100000@welchlink.welch.jhu.edu>
Reply To: <9410042226.AA10893@pilot.njin.net>
UTC Datetime: 1994-10-04 23:59:09 UTC
Raw Date: Tue, 4 Oct 94 16:59:09 PDT
Subject: Re: penet remailer
MIME-Version: 1.0
Content-Type: text/plain

On Tue, 4 Oct 1994, Frederic Halper wrote:

> What's the status of the penet.fi remailer? Is it secure?
> Reuben
>

I personally don't care for the penet-type remailers. Their only true
virtue is to allow you to receive return mail to an anon-post. The
trade-off is that this is done by a form of identity escrow. Julf (who
runs penet.fi) has your e-mail address connected to the anonXXXXX
identity that you get issued automatically. As far as reputations go,
Julf has an excellent reputation in the C-punx community, and there is
little likelihood of Finnish govt. officials giving in to US Govt.
pressure to crack down on Julf to turn over his *little black book*.

There was recently an attack on the penet.fi remailer that depended upon
the ability to spoof the From: lines on messages. Some unknown
person sent hundreds of messages to the anon@penet.fi remailer pretending
to be hundreds of other people and had those messages sent to alt.test or
misc.test with some phrase about tunafish in the subject, causing this to
be known as the *tunafish and spam sandwich attack*. What this did is
allocate a lot of new anonxxx numbers to people who didn't really want
them (also ultimately denying them the secure use of this service,
because someone knew the anonxxx - TrueName correspondence). For those
that already had an anonxxx and had set a password, things were cool;
the messages were just rejected. For those who had an anonxxx and had
not set the password, this attack revealed the anonxxx corresponding to
their TrueNames to the person who conducted the attack. Not a
particularly secure form of identity escrow for the clueless-at-risk-of-
identification to be using for posting their wildest homo-erotic fantasies
to alt.H.E.A.T.fabio.

I was allocated an anxxx I didn't want, and then assigned the password
in order to deny the attacker any further use of the anxxx with my
TrueName attached to it.

C. J. Leonard ( / "DNA is groovy"
\ / - Watson & Crick
<cjl@welchlink.welch.jhu.edu> / \ <-- major groove
( \
Finger for public key \ )
Strong-arm for secret key / <-- minor groove
Thumb-screws for pass-phrase / )
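
The three account states described in the message above, as an added example that is not part of the original post and is not penet.fi's code: a toy model of an address-to-pseudonym table that trusts the From: line, showing which states stay protected when a message carries no password. The class, function names, addresses, ids and passwords are all constructed for illustration.

```python
"""Toy model of a pseudonym server keyed on the From: line.
Assumed design for illustration; all addresses and ids are constructed."""
import hmac
import itertools


class PseudonymServer:
    def __init__(self):
        self._ids = {}        # real address -> pseudonym (the identity escrow)
        self._passwords = {}  # real address -> password, if the user set one
        self._counter = itertools.count(1)

    def set_password(self, addr, password):
        self._passwords[addr] = password

    def submit(self, from_addr, password=None):
        """Handle one message; from_addr is whatever the From: line claims.

        Returns (status, pseudonym). A returned pseudonym stands for a public
        post under that id, so whoever chose from_addr can read the mapping.
        """
        expected = self._passwords.get(from_addr)
        if expected is not None and not (
                password and hmac.compare_digest(password, expected)):
            return ("rejected", None)      # header alone is not enough
        if from_addr in self._ids:
            return ("posted", self._ids[from_addr])
        self._ids[from_addr] = "anon%05d" % next(self._counter)
        return ("allocated", self._ids[from_addr])  # issued automatically


def exposure_report(server, claimed_addrs):
    """Outcome of a password-less message for each claimed From: address."""
    return {addr: server.submit(addr) for addr in claimed_addrs}


def demo():
    srv = PseudonymServer()
    srv.submit("alice@example.org")                 # has an id, no password
    srv.submit("bob@example.org")                   # has an id ...
    srv.set_password("bob@example.org", "s3cret")   # ... and set a password
    report = exposure_report(srv, ["alice@example.org", "bob@example.org",
                                   "carol@example.org"])  # carol: never used it
    # The remedy the message describes: set a password on the unwanted id.
    srv.set_password("carol@example.org", "pw2")
    return report, srv.submit("carol@example.org")


if __name__ == "__main__":
    print(demo())
```

Only the account with a password comes back as rejected; the other two return a pseudonym, which is the address-to-id correspondence the message says was disclosed.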