[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: Remailer Encryption Module

   From: [email protected] (Eric Hughes)
      From: Nathan Zook <[email protected]>
      I also believe that hacking PGP is a bad thing (tm), because it 
means that
      every time an upgrade comes out, it will need to be re-hacked, and 
once you
      start hacking, when do you stop?
   I agree.  PGP just does not have the support for the encryption
   required for mixing remailers.  These deficiencies have been known for
   about two years at this point and still nothing has happened.  I
   expect this not to change anytime soon.
   That means that we have to replace PGP as the encryption module for
   remailers.  The first thing to do is to design a data format which
   supports what the remailers need now, and nothing speculative.  Since
   this data format has a single purpose, we can make new revisions more
   easily than for a general purpose package.
   Once we get a data format, implementations will follow.
As I've considered this problem, I've arrived at essentially the same
conclusion.  We need an RSA-IDEA package that does something very close to
Mixmaster.  The only caveat is that we _must_ retain compatibility between
signature formats, even though, as I've suggested, a signature on a
remailer's key might mean something different than a signature on an
individual key.