[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
re: Remailer Encryption Module
From: [email protected] (Eric Hughes)
From: Nathan Zook <[email protected]>
I also believe that hacking PGP is a bad thing (tm), because it
means that
every time an upgrade comes out, it will need to be re-hacked, and
once you
start hacking, when do you stop?
I agree. PGP just does not have the support for the encryption
required for mixing remailers. These deficiencies have been known for
about two years at this point and still nothing has happened. I
expect this not to change anytime soon.
That means that we have to replace PGP as the encryption module for
remailers. The first thing to do is to design a data format which
supports what the remailers need now, and nothing speculative. Since
this data format has a single purpose, we can make new revisions more
easily than for a general purpose package.
Once we get a data format, implementations will follow.
Eric
As I've considered this problem, I've arrived at essentially the same
conclusion. We need an RSA-IDEA package that does something very close to
Mixmaster. The only caveat is that we _must_ retain compatibility between
signature formats, even though, as I've suggested, a signature on a
remailer's key might mean something different than a signature on an
individual key.
Nathan