[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Threat models. [was: Why encrypt intra-remailernet]
> From: Nathan Zook <[email protected]>
> When I say that the Mark I remailers are laughably easy to crack, I mean
> laughably easy.
> By whom? I am hearing a general denunciation of the current remailer
> system. These blanket denials are false on their face, because they
> are not true in every circumstance.
By anyone with the resources to snoop up- and down- stream of all the
> The only reason that our systems are actually able to do any good is
> our threat model _is not_ an LEA--with government resources, and
> _Our_ threat model?
> There is not one threat model. Each person has their own threat model
> and their own desired level of security. An individual also desires
> more security for some messages than others. The current remailer
> network is good for some purposes and bad for others.
> Every evaluation of security _must_ include the nature of the security
> desired, because there is no single concept called "security" which is
> the same in every situation.
Yes, but... The very act of going to the trouble of using these remailers
means that you are dealing with someone powerful enough to read past forged
From/From: lines. Does it take that much more to snoop these sites? My
gut says no. Everybody harps chaining. Does snooping take more effort
than compromising? I think it would be hard indeed to say so.
So if we think Eve can compromise some remailers, and/or read past
From/From: faking, we are, I believe, forced to believe that Eve can snoop
all the remailers. Threat models need to be uniform in the power of the