[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Threat models. [was: Why encrypt intra-remailernet]
> From: Nathan Zook <[email protected]>
>
> When I say that the Mark I remailers are laughably easy to crack, I mean
> laughably easy.
>
> By whom? I am hearing a general denunciation of the current remailer
> system. These blanket denials are false on their face, because they
> are not true in every circumstance.
>
By anyone with the resources to snoop up- and down- stream of all the
remailers.
> The only reason that our systems are actually able to do any good is
that
> our threat model _is not_ an LEA--with government resources, and
government
> patience.
>
> _Our_ threat model?
>
> There is not one threat model. Each person has their own threat model
> and their own desired level of security. An individual also desires
> more security for some messages than others. The current remailer
> network is good for some purposes and bad for others.
>
> Every evaluation of security _must_ include the nature of the security
> desired, because there is no single concept called "security" which is
> the same in every situation.
>
> Eric
Yes, but... The very act of going to the trouble of using these remailers
means that you are dealing with someone powerful enough to read past forged
From/From: lines. Does it take that much more to snoop these sites? My
gut says no. Everybody harps chaining. Does snooping take more effort
than compromising? I think it would be hard indeed to say so.
So if we think Eve can compromise some remailers, and/or read past
From/From: faking, we are, I believe, forced to believe that Eve can snoop
all the remailers. Threat models need to be uniform in the power of the
opponent.
Nathan