1996-04-27 - Re: An idea for refining penet-style anonymous servers

Header Data

From: Olmur <olmur@dwarf.bb.bawue.de>
To: cypherpunks@toad.com
Message Hash: 08cb602aed37778be45bdf2cbfe7178809fe1168b53afc2dd8343483c7c39416
Message ID: <199604262029.WAA00905@dwarf.bb.bawue.de>
Reply To: <Uc5fx8m9LojB085yn@netcom.com>
UTC Datetime: 1996-04-27 06:07:45 UTC
Raw Date: Sat, 27 Apr 1996 14:07:45 +0800

Raw message

From: Olmur <olmur@dwarf.bb.bawue.de>
Date: Sat, 27 Apr 1996 14:07:45 +0800
To: cypherpunks@toad.com
Subject: Re: An idea for refining penet-style anonymous servers
In-Reply-To: <Uc5fx8m9LojB085yn@netcom.com>
Message-ID: <199604262029.WAA00905@dwarf.bb.bawue.de>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Alan" == Alan Bostick <abostick@netcom.com> writes:


Alan> There is a way that attackers who have seized or copied the
Alan> database can search it - by trying it out on anonymous IDs, or
Alan> user addresses, until they hit paydirt.

I think that's exactly where the problem lies.  The advantage of your
proposal is, that for an honest SysOp your system makes it easier not
to look on the database, but I assume that Julf isn't interested in
the contents of the database anyways..

But for a real attacker it's just a small inconvinience, nothing more.

Alan> So what do people think of this scheme of mine?  Are there
Alan> drawbacks or weaknesses that I'm not seeing?

I think it's similar to a postmaster running a script to automatically
removing the actual message from a bounced mail, before she looks at
it.  But I don't think it's really making penet-style servers more

Have a nice day, and hope your flu cured now!

- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C

Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface