Re: Why encrypt intra-remailernet.

[Adam Shostack <adam@bwh.harvard.edu>]

Nathan Zook:
|  
|     Suppose Alice sends Bob a message e(M) through Chaum.  Eve, a stong
| opponent, wants to trace the message.  She keeps track of all outgoing mail
| from Alice, an MD5 hash of all incoming messages to Bob, and outgoing from
| Bob.  Eve then sends Chaum e(M), and waits for a matching MD5 to Bob that
| doesn't correlate to an outgoing MD5 from Bob.  (Eve knows that Bob is a
| remailer.)
|  
|     Gentlemen, I believe that I have just stumbled upon a strong proof of
| the necessity of remailer auto-encryption of all messages.  Since the
| session key is PRG, MD5 will change (a lot;).  Furthermore, remailer auto-
| encryption allows the mailers to number their messages to each other.  A
| low number means a re-transmit from the remailer, which is not possible,
| unless some sort of ACK system is in place, and even then, would still
| flag.  Of course, if the remailers _sign_ their messages (on the way out)
| as well, you could compare the timestamps of the signatures with the
| message itself.

	This is strong argument for encrypting your chain of messages,
using premail, or chainmail, or something similar.  Why the remailers
should do this is not clear at all from your argument.  Remailer
operator should be discouraged from cooperation beyond that which is
needed.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume