1996-12-31 - Re: premail.

Header Data

From: ichudov@algebra.com (Igor Chudov @ home)
To: cypherpunks@toad.com
Message Hash: 3f3b9ff5df84e790a62895cafeefff92b0886cd5a82040c42e4dd064d6992117
Message ID: <199612310718.BAA02863@manifold.algebra.com>
Reply To: N/A
UTC Datetime: 1996-12-31 07:22:40 UTC
Raw Date: Mon, 30 Dec 1996 23:22:40 -0800 (PST)

Raw message

From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 30 Dec 1996 23:22:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
Message-ID: <199612310718.BAA02863@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text

Anonymous wrote:
> A scenario:
> 1) The spooks put a bug (named Eve) on the link between
> kiwi.cs.berkeley.edu and the Internet.
>    Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts
> it and replaces it with a file of the spooks' choosing. This file will
> selectively replace the public pgp keys of some of the remailers (say exon)
> in pubring.pgp with keys to which the spooks know the private key.
> 2) A similar bug is put on the link between the exon remailer and the
> internet. All email to exon is intercepted, and if found to be encrypted
> with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's
> real PGP key and sent on.
> It is only a scenario. I am still using premail to send this.

A good scenario. A truly paranoid premail users should verify who signed
the remailer keys. If you trust the signators and they signed the keys, 
you are "safe". Just do pgp -kvv some@remailer.com and see what comes up.

Maybe remailer operators should asks someone reputable to sign their
remailers' keys so that the users can easily verify the signatures.

	- Igor.