cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1995-10-29 - Re: Don’t Kill the Messenger–A New Slant on Remailers

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 54124b357b12d50ccd117ab2b71e824fb8b01d5f5e096301c792729c8e91e81b
Message ID: <199510292300.PAA22989@ix11.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-10-29 23:24:14 UTC
Raw Date: Mon, 30 Oct 1995 07:24:14 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Oct 1995 07:24:14 +0800
To: cypherpunks@toad.com
Subject: Re: Don't Kill the Messenger--A New Slant on Remailers
Message-ID: <199510292300.PAA22989@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 PM 10/20/95 +0100, "Rev. Mark Grant" <mark@unicorn.com> wrote:
>> "You have a piece of mail awaiting at our mail delivery service. The
>> originator is unknown. The title of the message is "Tentacles of Medusa
>> Must Die!" You may retrieve this message by replying to this notification
>> with the word "Yes" anywhere in the Subject field. This message will be
>> kept for 60 days and then deleted."
>
>I suspect that I could easily hack this into Mixmaster in a day or two,
>but wouldn't it open you to attacks where Anonymous Fed, say, sends
>terrorist kiddy-porn through your remailer and busts your ISP during those
>60 days for possession ? I'm not sure if it would be better or worse than
>current setups from that point of view. 

One way to deflect this attack is to encrypt the message for storage
using a symmetric-key algorithm with a randomly generated session key,
and send the session key to the recipient with the notification.
You still have 300 MB of planted kiddy-terrorist narcopornography on your
machine,
but it's encrypted and you can happily tell the judge that you _can't_
decrypt it because you don't have the key.  The Feds _could_ get the
keys by eavesdropping on your outgoing correspondence or using
your system to send the material to themselves (or a conveniently employed
child), but at least you're not storing it in plaintext.

More of a problem with this system is that it's only useful for terminal
remailers; to use it in the middle of a chain, the next remailer would
need to be configured to auto-accept such messages, or else your remailer
would need to have a list of known remailers and use direct delivery
for all mail sent to them.
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

Thread