From: Big Moma <moma@nym.alias.net>
Date: Tue, 31 Dec 1996 12:50:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
In-Reply-To: <199612310718.BAA02863@manifold.algebra.com>
Message-ID: <19961231204939.16032.qmail@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) wrote:
> Anonymous wrote:
> > 
> > A scenario:
> > 
> > 1) The spooks put a bug (named Eve) on the link between
> > kiwi.cs.berkeley.edu and the Internet.
> 
> ......
> 
> A good scenario. A truly paranoid premail users should verify who signed
> the remailer keys. If you trust the signators and they signed the keys, 
> you are "safe". Just do pgp -kvv some@remailer.com and see what comes up.
> 
> Maybe remailer operators should asks someone reputable to sign their
> remailers' keys so that the users can easily verify the signatures.

	Yes, that is one part of it. Another part is that Raph should
include a public PGP key in the premail program and then sign both the
remailer-list and the pubring at kiwi.cs.berkeley.edu with it. The public
key included in premail should be

1) Used to sign the premail distribution itself.
2) Emailed to various mailing lists such as cypherpunks and also mirrored
at various internet sites, so it cannot be spoofed by spooks.