1995-01-09 - Re: Can someone verify this conjecture for me?

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: cypherpunks@toad.com
Message Hash: e62f5dfe70bc0d68aab0486f58b446a07bce1989aba0f46ec1f5bbec0f2614f2
Message ID: <9501090508.AA14605@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1995-01-09 05:09:23 UTC
Raw Date: Sun, 8 Jan 95 21:09:23 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 8 Jan 95 21:09:23 PST
To: cypherpunks@toad.com
Subject: Re:  Can someone verify this conjecture for me?
Message-ID: <9501090508.AA14605@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: nelson@crynwr.com (Russell Nelson)
> > It seems like it solves two separate problems: 1) foiling traffic
> > analysis, and 2) foiling a cheater remailer.  The problems are
> > separate, really, because if you really, really trust the remailer (as
> > many people do Julf), then 2) isn't a problem.  All you need to do is
> > solve 1.  Or, you can solve 1) by using a single remailer.  A
> > necessary but not sufficient step to foil traffic analysis is to strip
> > headers.

There are a couple of advantages of chaining multiple remailers.
One is that traffic analysis is an art, rather than a science,
and to really foil it, you've got to know how good it is, which is hard.
Long-term patterns may show up even though the traffic mixes
are pretty good in the short run, and if you can spread out the remailer
use and increase the traffic load, plus constantly sending encrypted
traffic between remailers, it does make the job harder.
If the Bad Guys can isolate their target to a few remailer users,
they can often find the real one by rubber-hose or a small number
of wiretaps at the user locations instead of the remailers;
that's impractical if there are thousands of potential users in
multiple countries across the remailer-chain.

Another is that if one good trustable remailer can foil traffic
analysis, then multiple remailers increases the chance that
at least one of them is good.  Sure, Julf's a good guy, but what
if the KGB has kidnapped his grandmother, or the CIA has planted
wiretaps inside his computer - will you know if it's compromised?

There's also the reliability issue - what if the Finnish Phone Company
decides Julf is using too much of their resources and cuts him off,
or the Mafia steals one of your police-informants' remailers,
or the California Public Utilities Commission declares email to be
a common carrier and insists on auditing all transactions?
Multiple remailer in a strongest-link chain reduce the risks.

		Bill





Thread