From: Phil Fraering <pgf@tyrell.net>
Date: Tue, 1 Aug 95 14:58:06 PDT
To: fc@all.net
Subject: What do I use?
In-Reply-To: <9508012013.AA14958@all.net>
Message-ID: <199508012153.AA26490@tyrell.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: fc@all.net (Dr. Frederick B. Cohen)
   Date: Tue, 1 Aug 1995 16:13:09 -0400 (EDT)
   X-Mailer: ELM [version 2.4 PL22]
   Content-Type: text
   Content-Length: 1941      
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   > So Dr. Cohen, what do you use when you want to send a message across
   > the Internet with better security than cleartext?  What do your
   > recommend to others?

   I use different techniques when different levels of protection are
   required, and I definately don't use the Internet for anything that is
   really vital because of the ease of gaining intelligence indicators
   based on traffic analysis.

So you don't trust the remailers? Is this because you don't trust the
remailer implementations or because you don't trust digital mixes in
the first place?

   I never recommend a solution without knowing a fair amount about the
   specific challenge it is supposed to address.  I typically start with an
   understanding of the general environment, the financial and/or human
   issues, the threat profile, the protection environment, the other
   dependencies and protection factors, and other factors related to the
   reasons for protection.  Once I have this understanding, I make value
   judgements about how much I trust things relative to the requirement for
   trust and other limitations presented by the situation.

Actually, it sounds like you don't use anything that can be used by
someone not a professional old-time cryptographer.

Phil