From: Lance Cottrell <loki@infonex.com>
To: Bill Stewart <svmcguir@syr.edu>
Message Hash: 4199321e66c472b64ac48d3b2c0302182b3b9a68ecb07255331da35c6a022c86
Message ID: <v03007808af205735893e@[206.170.115.5]>
Reply To: <199702061921.LAA28330@toad.com>
UTC Datetime: 1997-02-07 04:01:51 UTC
Raw Date: Thu, 6 Feb 1997 20:01:51 -0800 (PST)
From: Lance Cottrell <loki@infonex.com>
Date: Thu, 6 Feb 1997 20:01:51 -0800 (PST)
To: Bill Stewart <svmcguir@syr.edu>
Subject: Re: mail-to-news fun
In-Reply-To: <199702061921.LAA28330@toad.com>
Message-ID: <v03007808af205735893e@[206.170.115.5]>
MIME-Version: 1.0
Content-Type: text/plain
It would be a trivial hack for Mixmaster. It allways knows if a message if
going to another remailer, or if this is the last hop, so it can add the
disclaimer only on the last hop.
-Lance
At 4:06 PM -0800 2/6/97, Bill Stewart wrote:
>At 01:01 PM 2/6/97 -0500, Scott V. McGuire wrote:
>>On Wed, 5 Feb 1997 stewarts@ix.netcom.com wrote:
>>> People don't read mail headers or disclaimers at the bottom,
>>> and putting disclaimers like that into message text for
>>> email exposes the message to traffic analysis.)
>
>>How does putting it in the message expose it to traffic analysis but not
>>putting it in a header?
>
>Suppose you're sending a message on a remailer chain of
>you -> Alice->Bob->Charlie->Dave->Eve->Fred--> target
>and Bob puts lots of disclaimers in his remailer's outgoing messages.
>Anything Bob puts in a header will get stripped out by Charlie,
>so it's no problem. However, if Bob tacks a disclaimer
>as the bottom text in the outgoing message, when Eve sends
>mail to Fred she'll also see the disclaimer that
> The message was sent by an anonymous user
> through the remailer at Bob's Remailer Shack.
> Bob doesn't know who sent it, and doesn't keep records,
> so he can't squash the user, but he can block mail to you
> if you don't want any more anonymous email.
> Don't believe everything you read!
>so she'll know to check the FBI Illegal Wiretap files for Bob.
>
>Some comments and backtracking
>0) Of course, if you want to avoid traffic analysis,
>sending unencrypted email is pretty stupid, and only the
>next hop is going to see a disclaimer that you append
>after the encrypted part of the message.
>
>1) Prepending the disclaimer to the message body is
>pretty unfriendly to the :: syntax, and not all that
>great for PGP encrypted messages either. Pretend I
>really just suggested appending it at the end,
>since that's what I would have said if I'd been thinking :-)
>
>On the other hand, I suppose that you can see whether the
>next hop is a Type I remailer by looking for the :: or ##.
>
>2) Cutmarks would be a nice fix, but they require too much
>attention to detail to get right, in case the next hop
>is a remailer.
>
>So maybe you _should_ always put in the disclaimer,
>at the end, with a reminder to always encrypt your
>remailer-chain mail if you want to avoid traffic analysis :-)
>
>
>
>
>
># Thanks; Bill
># Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
># You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
># (If this is a mailing list, please Cc: me on replies. Thanks.)
----------------------------------------------------------
Lance Cottrell loki@obscura.com
PGP 2.6 key available by finger or server.
http://www.obscura.com/~loki/
"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
--Nietzsche
----------------------------------------------------------
Return to February 1997
Return to ““Scott V. McGuire” <svmcguir@syr.edu>”