From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 6 Mar 1996 06:51:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: (Fwd) Gov't run anon servers
In-Reply-To: <ad60b7a50a0210048ed0@[205.199.118.202]>
Message-ID: <9603051943.AA00595@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  We've talked about possible hardware security measures, even
>  those that only rely on physical box security. A box that does
>  decryption, mixing, readdressing, etc., without being part of
>  a Unix file system/network, could be a useful "Mom and Pop
>  remailer" (the idea being that small shop owners, "Mom and
>  Pop," could set this up, collect a little bit of spare change
>  as a remailing fee, and not even have access to the internal
>  state of the machine themselves.

While a solution like that would be optimal, even just a version of  
Mixmaster that can use a secure RSA card would do wonders for security.  The  
secret key is protected in the card and can't be stolen, even by root,  
without physically stealing the card.  As long as the most of the remailers  
in your chain don't have compromised secret keys, it probably won't matter  
too much if the individual ops can examine the messages flowing through their  
remailer.

The cards are getting cheaper and can be bought off the shelf (for now).   
The hardest part of retrofitting existing remailer software would probably be  
extracting the data from the remailer packet and formatting it properly for  
the card to do encryption operations on it (and back).


andrew