1995-01-29 - Re: Why encrypt intra-remailernet.

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: nzook@bga.com (Nathan Zook)
Message Hash: 4ff0ee068ba24d1467f21f78d13e6e0892311cca056d6604eaeeeb7f30080606
Message ID: <199501290547.AAA20285@bwh.harvard.edu>
Reply To: <Pine.3.89.9501281651.A2705-0100000@edwin.bga.com>
UTC Datetime: 1995-01-29 05:48:02 UTC
Raw Date: Sat, 28 Jan 95 21:48:02 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Sat, 28 Jan 95 21:48:02 PST
To: nzook@bga.com (Nathan Zook)
Subject: Re: Why encrypt intra-remailernet.
In-Reply-To: <Pine.3.89.9501281651.A2705-0100000@edwin.bga.com>
Message-ID: <199501290547.AAA20285@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain

Nathan Zook:
|     Suppose Alice sends Bob a message e(M) through Chaum.  Eve, a stong
| opponent, wants to trace the message.  She keeps track of all outgoing mail
| from Alice, an MD5 hash of all incoming messages to Bob, and outgoing from
| Bob.  Eve then sends Chaum e(M), and waits for a matching MD5 to Bob that
| doesn't correlate to an outgoing MD5 from Bob.  (Eve knows that Bob is a
| remailer.)
|     Gentlemen, I believe that I have just stumbled upon a strong proof of
| the necessity of remailer auto-encryption of all messages.  Since the
| session key is PRG, MD5 will change (a lot;).  Furthermore, remailer auto-
| encryption allows the mailers to number their messages to each other.  A
| low number means a re-transmit from the remailer, which is not possible,
| unless some sort of ACK system is in place, and even then, would still
| flag.  Of course, if the remailers _sign_ their messages (on the way out)
| as well, you could compare the timestamps of the signatures with the
| message itself.

	This is strong argument for encrypting your chain of messages,
using premail, or chainmail, or something similar.  Why the remailers
should do this is not clear at all from your argument.  Remailer
operator should be discouraged from cooperation beyond that which is


"It is seldom that liberty of any kind is lost all at once."