[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
-----BEGIN PGP SIGNED MESSAGE-----
One problem with the current encrypted remailers that people should
be aware of is that, since they operate unattended, they have to be
able to decrypt messages automatically.
This means that when an incoming messages arrives, the remailing software
automatically runs PGP on the incoming message to do the decryption.
But to decrypt, PGP has to be given the pass phrase for the remailer's
secret key. The only way this can be done is to have the pass phrase,
IN THE CLEAR, in the remailing software scripts.
The scripts are (or should be) protected using the Unix file system
so that only the owner and root can read them. But it's important to
know that root has access both to the secret key ring which holds the
remailer's key, and to the pass phrase which will activate that key.
This means that, at any time, root can find out the secret key of the
remailer, and read all messages encrypted for that remailer.
I don't think there is any way around this problem if the remailer is
going to run unattended. The only real solution is to operate on a
machine where it doesn't matter whether root knows the key; that is,
a machine where root is the operator of the mailing list.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
My public key, signed by PRZ:
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
CYPHERPUNKS >INTERNET:[email protected]