From: Alex Strasheim <alex@omaha.com>
To: cypherpunks@toad.com
Message Hash: 5521b61e9042da96db95c6a49fbd73d03866f323e412bf5ae3ab483cc12a867b
Message ID: <199411230343.VAA01315@omaha.omaha.com>
Reply To: <199411230309.VAA01248@omaha.omaha.com>
UTC Datetime: 1994-11-23 03:42:36 UTC
Raw Date: Tue, 22 Nov 94 19:42:36 PST
From: Alex Strasheim <alex@omaha.com>
Date: Tue, 22 Nov 94 19:42:36 PST
To: cypherpunks@toad.com
Subject: Re: cyphertext-only remailers / cryptanlysis code ?
In-Reply-To: <199411230309.VAA01248@omaha.omaha.com>
Message-ID: <199411230343.VAA01315@omaha.omaha.com>
MIME-Version: 1.0
Content-Type: text
-----BEGIN PGP SIGNED MESSAGE-----
> > One solution that I've thought about is only passing messages which are
> > composed of cyphertext. Does this make any sense?
>
> This sounds useful, but I'm curious how you would enforce it. I would think
> you'd need to do some nontrivial statistical analysis to be reasonably sure
> you weren't allowing various binaries, uuencoded files, etc. with faked PGP
> headers, without preventing people from using other encryption schemes. I'd
> say this is the flip side of the challenge faced by governments trying to
> outlaw transmissions using strong crypto.
I realize I can't enforce this perfectly.
My goal isn't to force people to use encryption, it's to cut down on my
risk as a remailer operator. Basically, I'm going to make sure that
there are headers, a pgp version number, and that there are no obvious
problems with the text (ie. no whitespace, full length lines, etc.)
Someone who really wanted to make trouble for me could still do it with
my remailer, but I think that someone who wanted to mail death threats or
post forbidden material would probably use another remailer as the final
hop.
Your letter has brought a fairly serious flaw in my plan, though: it's
possible to simply ascii-armor a binary with PGP isn't it? A brief scan
of the pgp docs hasn't revealed the command, so I can't tell what an
ascii-armored binary looks like, but I'll be it's just like cyphertext.
That means I'll probably have to read the ascii-armor if I want to do
this.
==
Alex Strasheim | finger astrashe@nyx.cs.du.edu
alex@omaha.com | for my PGP 2.6.1. public key
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBLtK6HBEpP7+baaPtAQGyCQQAkYssaS1iZ6KMJ3m4AKNLGbIAX3E7Bopq
k39a+weRm6hzznbMoCHao5wcZ9V89tvgAg8aABxQ3wB894y71s9sAYs8J5GnbrBE
fCqdxMfPxp+XaWh6pQO9ggDnw04eS5bFS1TPr4MeQumjMdx4CmcQegjhp5VNLSVH
qZ7M9Q5x+hg=
=utlk
-----END PGP SIGNATURE-----
Return to November 1994
Return to “Alex Strasheim <alex@omaha.com>”
Unknown thread root