From: marko@millcomm.com (Mark Oeltjenbruns)
To: cypherpunks@toad.com
Message Hash: e38efa605f6696a5e47e8364278da54b88a987ec5ddd94e11f336bf16e8d10db
Message ID: <m0rSFsb-000kfuC@mill2.millcomm.com>
Reply To: N/A
UTC Datetime: 1995-01-12 03:05:20 UTC
Raw Date: Wed, 11 Jan 95 19:05:20 PST
From: marko@millcomm.com (Mark Oeltjenbruns)
Date: Wed, 11 Jan 95 19:05:20 PST
To: cypherpunks@toad.com
Subject: How do I know if its encrypted?
Message-ID: <m0rSFsb-000kfuC@mill2.millcomm.com>
MIME-Version: 1.0
Content-Type: text/plain
I keep seeing the idea that to keep out of trouble remailers and
Data Havens should require that data be encrypted before it is accecpted.
My question is how do I know it is encrypted? If I say that anyone sending
me data to be massaged by my system must first encrypt it, how do I know
they are in fact complying with that request? After all this is the area
for the paranoid's to hang out in.
I see some possible options. Most don't seem to workable. I could ...
(1) Look at the incomming data, which of course would be impractical and
defeat the whole idea.
(2) Force them to pgp it, but that could be defeated by having enough of a
pgp sig. that my system is fooled. Not to mention they must use *MY* idea
of what good encryption is. After all I could say you must use my
encryption software that has a backdoor I know of, i.e. clipper, or that
costs money and can only be bought from me. This last point would be one
way of making sure you made some money, but does seem impractial.
(3) Peform a histogram analysis on it, if it doesn't pass a certain
threshold reject the whole thing. Although cute, I don't like this one.
(4) Encrypt it with my own key and decrypt it before squirting it back out.
This doesn't seem to gain me anything though since it could be said that I
still have the ability to look at the data.
(5) Only acecpt data from a remailer or other service that would be
guranteed to be encrypted. This seems like it would lead to a 'good ole
boy' network that could exclude service providers it doesn't like.
etc. etc.
Whos to say that the data isn't encrypted? I could be hidding a
real message in that eagale spread of a porn picture. 'Simple, don't allow
porn but only accecpted images.' Well that certainly sounds like a can of
worms waiting to squirm around your toes.
Is the question of what is encrypted data similar to what material
is porn or some other 'evil' data? Am I missing something in this simple
requirment of only dealing with encrypted data? Or am I simply blowing
something way out of proportion?
-Mark
----------
Mark Oeltjenbruns marko@Millcomm.com N0CCQ
SnipIt Research Finger for PGP key.
'My other key is 2048 bits.'
Return to January 1995
Return to “tcmay@netcom.com (Timothy C. May)”