1995-10-18 - Re: Anonymity: A Modest Proposal

Header Data

From: Herb Sutter <herbs@interlog.com>
To: Modemac <modemac@netcom.com>
Message Hash: 20049ac92cc64bedf52ec5cee42bf0ffd702315fb033e63e8bdd59316934d959
Message ID: <199510181244.IAA03196@gold.interlog.com>
Reply To: N/A
UTC Datetime: 1995-10-18 12:47:20 UTC
Raw Date: Wed, 18 Oct 95 05:47:20 PDT

Raw message

From: Herb Sutter <herbs@interlog.com>
Date: Wed, 18 Oct 95 05:47:20 PDT
To: Modemac <modemac@netcom.com>
Subject: Re: Anonymity: A Modest Proposal
Message-ID: <199510181244.IAA03196@gold.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:58 10.18.1995 -0700, Modemac wrote:
>     1) A person writes a message and encrypts it with PGP.

Using a set public key?  Which would mean the remailers all share the same
pub/pri key pair (or pieces thereof)?  You'll have to come up with a good
way of maintaining this secret, since if you're not careful it could be
compromised by something as simple as an attacker's trying to attach a new
remailer to the remailer group or physically attack any existing remailer.

>     2) That person then posts his message to the "anonymous messages"
>        newsgroup.
>     3) A remailer scanning the newsgroup picks up the message,
>        decrypts it, strips the headers and makes it anonymous, and
>        sends it to its destination.

Not only is the anonymity of the entire traffic load compromised if the
single shared private key is compromised, but even if the secret is kept the
newsgroup articles' headers being posted in the clear still opens this
scheme to traffic analysis (even if you put it a short random remailer
delay, as you say later on; computers are very good at sifting through large
volumes of data to find this kind of pattern, especially if the remailer
delay's upper bound is known (you proposed two hours)).

>The actual remailer code, involving scanning the newsgroup for
>PGP-encrypted messages and stripping headers, could be written with
>PERL scripts.  This would keep it portable, and it would be easy for 
>a person to tell if it has been tampered with.  This code would be
>distributed widely.

...and if someone installs their own remailer and adds it to the group, and
therefore it must get the complete shared private key at some point (of
necessity, else it couldn't decrypt the messages), and then the attacker can
just look at the key and decrypt all traffic...?

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102       voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2    fax (905) 847-6019






Thread