From: Greg Broiles <greg@ideath.goldenbear.com>
Date: Sat, 16 Sep 95 22:22:19 PDT
To: adam@bwh.harvard.edu
Subject: Re: Commercial Mixmaster
Message-ID: <199509170513.AA06296@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:

>	Its worth noting that the source code to Julf's Penet remailer
> is not public (AFAIK).  People use it becuase they trust Julf, or
> trust people who trust Julf.

People don't use Julf's source code. People use the services provided
by Julf's remailer, which runs Julf's source. Trusting anon.penet is
relatively simple (conceptually) because the author, distributor, and
user of the remailer code (where user = remailer operatror) are all
the same person. I would be less likely to trust Julf if I thought he
was running software he received (through unknown distribution channels,
from an unknown author) as an executable without source.

I trust Julf because (a) he seems to be a decent/trustworthy person,
and (b) because I think he has enough information available to him
to be sure that his system doesn't have intentional back doors nor
glaring unintentional ones. If only one of (a) and (b) were true,
I'd trust anon.penet.fi a lot less. 

I've seen messages from people who refuse to use ViaCrypt PGP because
they can't see the source. I own a copy because I don't want to worry
about licensing when I use it in a commercial context and because I
don't think Phil would have been associated with it if the binaries
distributed weren't free of known weaknesses different from those
document with the freeware PGP or otherwise discloses. 

My inclination is to feel the same way about distributions of 
Mixmaster. If Lance is willing to sign the code which is shipped,
my hunch is that there's nothing tricky going on. If Lance disappears,
and the purchaser turns out to be unknown, I dunno if I'd run it 
before someone trusted had disassembled it (or someone liberated
the source code) and it was inspected and found to be clean.

[I think it's useful to continue beating the almost-dead horse of
the marketing of Mixmaster because I suspect that the anonymous
purchaser of Mixmaster subscribes to the list, and is thereby
aware of what potential remailer operators and remailer users
are going to like, and not like.]

> 	Why pay for remailers when there are free ones?  Speed and
> lawyers pop right up as damn good answers.  Putting up a couple of
> p120s on a T1 in the Carribean isn't cheap, nor is making sure you
> have a good lawyer who'll protect the machines when the bad guys show
> up with warrants.  I'd be much happier to use a fast system on good
> legal ground than a freebie.

It's safer still to use a system which doesn't keep logs and has 
otherwise taken steps to minimize inadvertent data leakage. (Imagine
me mentioning here all of the by now tiresome ideas about thermite,
degaussers, low-level-formats of the HD, etc, etc. Please, please,
let's not start that thread again for at least 6 months.) 

I'm not sure that there are any special lawyer tricks to stop the
execution of a search/seizure warrant. An attorney may help you
keep items found out of court later. I suppose it'd be possible, if
the cops were cooperative and the attorney immediately available and
the magistrage/judge who signed the warrant was immediately 
available to try to stop the execution of the warrant, but that seems
pretty far-fetched. I've been reading a lot of search & seizure
cases lately for work and haven't seen anything like this mentioned,
ever. If anyone's got a cite for "how to stop a warrant search &
seizure in progress", please pass it along. I'm sure my boss (and
his clients) would be interested. 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMFuuJn3YhjZY3fMNAQGsRAP+PIm6ZsjfCFetFr0//LPUuBg+tiK9b8Dh
4WXji1ab6kCfB+SCbNhU7IDNCR7pK7c1rWjVL+r0gbded46Um6+mn5hDKagKhztD
nqld1vTETJFX9TmsRe3mXBE/TW1pqysoiS3PnM4mZ8b0GjErOdSbNpxOizvBOdhi
jLoNKnEGnpA=
=3dgI
-----END PGP SIGNATURE-----