[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FORTRESS REMAILERS
To my mind, remailer vulnerability starts with the Net addresses used to
send to them and send from them. It seems to me that a fortress remailer
must have solve two problems:
1) Getting a message to the remailer without knowing the remailer's Net
address.
2) Sending a message from the remailer without revealing a Net address.
Problem 1 can be easily solved by having users send messages to various
new groups the remailer scans. The messages would be encrypted with the
remailer's public key. The remailer continuously scans for new messages
encrypted with its public key. When it finds one, it decrypts it and
processes it.
Problem 2 it the tricky part. How can the remailer inject a message back
into the public Net without revealing its Net-location? If the remailer
could sovle this problem, then why couldn't everybody use the same
solution, eliminating the need for remailers? The one possibility is that
the solusion requires something that most average users can't do or can't
acquire economically (i.e. most everybody can grow their own food, but why
bother).
I haven't come up with any really good ideas here. Here are a couple
thoughts:
a) Using various hacker tricks to forge "From:" e-mail addresses.
b) Use short-lived addresses. Set the remailer up some how so it can
frequently acquire new e-mail addresses. Each address would only be used
to forward a limited number of messages, and then it would be abandoned.
[email protected]