From: Olmur <olmur@dwarf.bb.bawue.de>
To: cypherpunks@toad.com
Message Hash: 08cb602aed37778be45bdf2cbfe7178809fe1168b53afc2dd8343483c7c39416
Message ID: <199604262029.WAA00905@dwarf.bb.bawue.de>
Reply To: <Uc5fx8m9LojB085yn@netcom.com>
UTC Datetime: 1996-04-27 06:07:45 UTC
Raw Date: Sat, 27 Apr 1996 14:07:45 +0800
From: Olmur <olmur@dwarf.bb.bawue.de>
Date: Sat, 27 Apr 1996 14:07:45 +0800
To: cypherpunks@toad.com
Subject: Re: An idea for refining penet-style anonymous servers
In-Reply-To: <Uc5fx8m9LojB085yn@netcom.com>
Message-ID: <199604262029.WAA00905@dwarf.bb.bawue.de>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Alan" == Alan Bostick <abostick@netcom.com> writes:
[.....]
Alan> There is a way that attackers who have seized or copied the
Alan> database can search it - by trying it out on anonymous IDs, or
Alan> user addresses, until they hit paydirt.
I think that's exactly where the problem lies. The advantage of your
proposal is, that for an honest SysOp your system makes it easier not
to look on the database, but I assume that Julf isn't interested in
the contents of the database anyways..
But for a real attacker it's just a small inconvinience, nothing more.
Alan> So what do people think of this scheme of mine? Are there
Alan> drawbacks or weaknesses that I'm not seeing?
I think it's similar to a postmaster running a script to automatically
removing the actual message from a bounced mail, before she looks at
it. But I don't think it's really making penet-style servers more
secure.
Have a nice day, and hope your flu cured now!
Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
Please encipher your mail! Contact me, if you need assistance.
finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
Key-fingerprint: 51 EC A5 D2 13 93 8F 91 CB F7 6C C4 F8 B5 B6 7C
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface
iQCVAwUBMYEyKA9NARnYm1I1AQFZaQP/Q6jt+o1oDLysFTcxkitZF5aaQbwNa0Z6
Ud/oJqeTZvVtbltbJ7CIAIQCHydYLnBcxbeAw3EJDPpMYXaVz0Lsd00cdggD8Uh4
nY6dc4MaWvU0Kv1QUsdBlsIzpPwqvB9+WnXFQxcu/DONQT5pNkkzJWRGoHNj6+f4
kr31q2gniis=
=M/jY
-----END PGP SIGNATURE-----
Return to April 1996
Return to “Olmur <olmur@dwarf.bb.bawue.de>”