[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
My remailer and ARA's
-----BEGIN PGP SIGNED MESSAGE-----
My remailer does not support ARA's. This is because the requirement
that incoming messages be completely encrypted with its key (any
portion which is not encrypted in this way is dropped).
In any case, the current scheme for ARA's is insecure. This is
because people can send plaintext messages attached to the ARA.
This allows breaking anonymity by monitoring of the traffic from
all remailers and waiting until the message appears at one of
I will implement a more secure scheme. The ARA will include
encryption instructions for each remailer. Since each remailer
will be doing a transformation on the message, the attack above
will not be feasible.
Miron Cuperman <[email protected]> | NeXTmail/mime ok
<[email protected]> | Public key avail
AMIX: MCuperman |
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----