From: ichudov@Algebra.COM (Igor Chudov @ home)
To: nobody@replay.com (Anonymous)
Message Hash: a7c47f9c2e8c83c106717f9856444536c11df7cb1b647cd053af6eea28055264
Message ID: <199812050126.TAA19947@manifold.algebra.com>
Reply To: <199812050110.CAA14572@replay.com>
UTC Datetime: 1998-12-05 01:52:15 UTC
Raw Date: Sat, 5 Dec 1998 09:52:15 +0800
From: ichudov@Algebra.COM (Igor Chudov @ home)
Date: Sat, 5 Dec 1998 09:52:15 +0800
To: nobody@replay.com (Anonymous)
Subject: Re: .
In-Reply-To: <199812050110.CAA14572@replay.com>
Message-ID: <199812050126.TAA19947@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text
Anonymous wrote:
>
>
>
> ...
> > A few rules of thumb result from even cursory examination
> > of the likely environment:
> >
> ...
> > 5. Ultimately, the only way the remailers will provide
> > what might be described as Pretty Good Security will
> > be when we have software that maintains a regular
> > or random rate of messages to and from the remailer
> > cloud, a stream into which the meaningful messages
> > can be inserted with no visible change in traffic.
> > Until then, the best we can do is try to keep traffic
> > levels up, and to send and receive frequently enough
> > to frustrate end-to-end traffic analysis.
>
> Well, the existing remailer net doesn't make "Pretty Good" anonymity very
> feasible. I'd think something based on the general idea behind Crowds.
>
> (Furthermore, most remailer structures still can't erase some other security
> concerns --
> 1: remailers acutally can be hacked or physically compromised
> 2: clients really can be screwed
> 3: etc.
>
> To help solve the first, you'd want a two-box setup doing remailing, with the
> security-critical stuff loaded on a box not directly connected to the Net with
> something 140-1ish to make tampering harder, a secure OS, etc. -- or, of
> course, you can scrap all that to get really big remailer count.
As long as you do not see the box and do not control its manufacture,
I see no reason why you should have ny more trust in it.
igor
> To help solve the second problem, there needs to be a better web-of-trust
> setup -- that is, one which applies to code as well as keys. Those who wish to
> verify code get a .sig-verifying program from a trusted source then use a WoT
> to authenticate various facets of the program necessary for security.
>
> A solution to the third problem is expected RSN.)
>
> >
> > 6. Don't send anything that can have grave consequences.
>
> Remember the consequences to an adversary who uses its secret decoder ring,
> though: the more plausible it becomes that a certain source is being used for
> intelligence-gathering, the more likely it is that that source will promptly
> begin to run dry as the spied-upon realize that Something Got Broke. My
> advice, however, agrees with that of the other Anonymous. That is, unless
> you've really thought things out, think of an remailed message as merely
> .sigless, not anonymous.
>
> >
> > 7. Take names. Always take names. Some day...
> >
> > FUDBusterMonger
> >
> > It Ain't FUD til I SAY it's FUD!
>
- Igor.
Return to December 1998
Return to “ichudov@Algebra.COM (Igor Chudov @ home)”