1994-11-23 - Re: REMAILER PROPOSAL

Header Data

From: lcottrell@popmail.ucsd.edu (Lance Cottrell)
To: Sandy Sandfort <remailer-operators@c2.org
Message Hash: 7ef461df7a851cb5e4180dc0fe33a4480d2c7579ea8d303a54f50eba150483af
Message ID: <aaf88a7b040210048573@[137.110.24.249]>
Reply To: N/A
UTC Datetime: 1994-11-23 07:20:26 UTC
Raw Date: Tue, 22 Nov 94 23:20:26 PST

Raw message

From: lcottrell@popmail.ucsd.edu (Lance Cottrell)
Date: Tue, 22 Nov 94 23:20:26 PST
To: Sandy Sandfort <remailer-operators@c2.org
Subject: Re: REMAILER PROPOSAL
Message-ID: <aaf88a7b040210048573@[137.110.24.249]>
MIME-Version: 1.0
Content-Type: text/plain


>If the Spoon-E Issuer is an opponent, you have far worse problems
>than mere identification.  That is why I specified that the
>Issuer would be a creature of the Electronic Mail Forwarders
>Guild.  The Issuer would be chosen by the remailer operators whom
>it served.  It is quite a stretch to assume that Guild members
>would choose someone that untrustworthy.  Given that level of
>paranoia, it would be advisable to avoid the use of any remailer.
>After all, it is theoretically possible the *every* remailer in a
>chain--no matter how long--could be compromised.  One might as
>well find a "flaw" with all remailers by assuming an opponent who
>could read minds.  I don't think either threat is credible.
>
>
> S a n d y
>

I disagree with you assessment of the situation. The "Electronic Mail
Forwarders Guild" is not made of mind readers, they are capable of error.
You assume that a operator would appear to be untrustworthy. I think that
is a poor assumption. As an example, I have been talking to John Perry
quite a bit lately, he has been of great help to me, his heart seems to be
in the right place, he is certainly militant enough about remailer
secutiry. I am not at all convinced that he has not been compromised
(nothing personal John). It simply does not require that good an actor. If
a TLA wished to infiltrate us, the traitor would seem very trustworthy,
gung ho, and paranoid.

I think that the odds of the "Electronic Mail Forwarders Guild" choosing a
compromised Spoon-E Issuer is much greater than the odds that all members
of some subset of my choosing have been compromised.

The system you proposed is interesting, and worthy of discussion, but I
will not actually use any system where I must put identifying information
in each packet. There are ways of implementing postage which do not require
this compromise. Blind signed tokens is one method. Having the user pay the
first remailer, with remailers charging each other a reduced rate for
forwarding is another.

You make no mention of my scheme for making your system completely secure
(I think). It should not be too difficult to implement, given the software
you would already need for Spoon-Es.

--------------------------------------------------
Lance Cottrell  who does not speak for CASS/UCSD
loki@nately.ucsd.edu
PGP 2.6 key available by finger or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Home of "chain" the remailer chaining script.
For anon remailer info, mail remailer@nately.ucsd.edu Subject: remailer-help

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche







Thread