[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

My remailer and ARA's



-----BEGIN PGP SIGNED MESSAGE-----

My remailer does not support ARA's.  This is because the requirement
that incoming messages be completely encrypted with its key (any
portion which is not encrypted in this way is dropped).

In any case, the current scheme for ARA's is insecure.  This is
because people can send plaintext messages attached to the ARA.
This allows breaking anonymity by monitoring of the traffic from
all remailers and waiting until the message appears at one of
the outputs.

I will implement a more secure scheme.  The ARA will include
encryption instructions for each remailer.  Since each remailer
will be doing a transformation on the message, the attack above
will not be feasible.
- --
	Miron Cuperman <[email protected]>  | NeXTmail/mime ok
		       <[email protected]>	    | Public key avail
	AMIX: MCuperman				    |
cybercomputingimmortalcryptolaissezfaire	    |

-----BEGIN PGP SIGNATURE-----
Version: 2.1

iQCVAgUBKzb2O5NxvvA36ONDAQG/0QP9GVjH8zjBakbYChxCECGRPb02UJvPC9bj
1lS6GF4KTc5Z9yBejYMSLu5E7lVamgcQFuaBFrSusLyl1oXDcJtCUF4TjxgLCAOi
dXnkbu+k5oB9vLqlZK3nTSmxAuddjrOxbg/AS6M+aIY7rtwkyfnTgj+7pq4pYj6P
/nIpWAB9NHE=
=/i5k
-----END PGP SIGNATURE-----