[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How do I know if its encrypted?



        I keep seeing the idea that to keep out of trouble remailers and
Data Havens should require that data be encrypted before it is accecpted.
My question is how do I know it is encrypted?  If I say that anyone sending
me data to be massaged by my system must first encrypt it, how do I know
they are in fact complying with that request?  After all this is the area
for the paranoid's to hang out in.

        I see some possible options.  Most don't seem to workable.  I could ...
(1) Look at the incomming data, which of course would be impractical and
defeat the whole idea.
(2) Force them to pgp it, but that could be defeated by having enough of a
pgp sig. that my system is fooled.  Not to mention they must use *MY* idea
of what good encryption is.  After all I could say you must use my
encryption software that has a backdoor I know of, i.e. clipper, or that
costs money and can only be bought from me.  This last point would be one
way of making sure you made some money, but does seem impractial.
(3) Peform a histogram analysis on it, if it doesn't pass a certain
threshold reject the whole thing.  Although cute, I don't like this one.
(4) Encrypt it with my own key and decrypt it before squirting it back out.
This doesn't seem to gain me anything though since it could be said that I
still have the ability to look at the data.
(5) Only acecpt data from a remailer or other service that would be
guranteed to be encrypted.  This seems like it would lead to a 'good ole
boy' network that could exclude service providers it doesn't like.
etc. etc.

        Whos to say that the data isn't encrypted?  I could be hidding a
real message in that eagale spread of a porn picture.  'Simple, don't allow
porn but only accecpted images.'  Well that certainly sounds like a can of
worms waiting to squirm around your toes.

        Is the question of what is encrypted data similar to what material
is porn or some other 'evil' data?   Am I missing something in this simple
requirment of  only dealing with encrypted data?  Or am I simply blowing
something way out of proportion?

-Mark
----------
Mark Oeltjenbruns  [email protected]   N0CCQ
SnipIt Research    Finger for PGP key.
'My other key is 2048 bits.'