
RE: Commercial Mixmaster



Rich Salz <[email protected]> wrote:

> >No, I'm not accusing Lance.  But if he no longer has the time to
> >support Mixmaster, then perhaps some other crypto-friendly group
> >should take over the task and keep it an OPEN system, with source
> >code available.  In fact, even freezing Mixmaster as is would be
> >preferable to "improvements" that people don't/can't trust.
>
> This doesn't make sense.
>
> Someone wants to commercialize Mixmaster.  You don't know who it is,
> but since you can't see how to make money doing this, you suspect
> their motives.  Yet on the other hand, you think they will be so
> successful that enough people will buy binary-only servers such that
> backdoors are a real threat, perhaps by forcing people to upgrade
> or otherwise breaking interoperability with the current free-source
> remailer network.
>
> You can't have it both ways.

Of course not, but it only has to *LOOK* that way.  What if, let's
say, that this new "commercial" venture offers their "new, improved"
version FREE for individual and non-profit use, much like Netscape
is now offered, while supposedly working on the "commercial"
development of the product.  Now you've got a free product in the
hands of end-users, plus it's compiled to support DOS, Win 3.1,
Win95, Mac platforms, etc., as well as the current Unix.  It doesn't
matter if a commercial market is EVER developed, just so long as you
provide a suitable "cover" motive for giving it away.  Of course,
source code is still not provided, since that would supposedly give
competitors (for this supposedly developing commercial market)
knowledge of the proprietary improvements.

The idea would be to take a standardized product and "steal" market
share from the various PGP-chaining schemes, while doing it in such
a way to provide a back door of participating TLAs. Mixmaster is a
superior product to the other schemes, but it suffers from lack of
user-friendliness and availability on commonly-used platforms.

Think about this:  if you were a TLA, can you think of a more
cost-effective solution for keeping tabs on the increasingly
THREATENING (to them) growth of anonymous e-mail?  IOW, invest a few
million to get a Trojan Horse crypto product into people's hands that
they THINK is secure, and thus trust.  Do you think they could use
brute force to crack large quantities of IDEA or 3DES encrypted
traffic for less money?  If they can't crack PGP, then get people to
switch to something they *THINK* is "more secure".

> But even if you could, there's a solution. :)  Download the source
> and start releasing "blender", a free-source anonymous remail system
> that is upwardly compatible, *and based on* the current Mixmaster.

I think that's what I suggested, isn't it?  Hopefully it will be a
foreign (ITAR-exempt) individual or group.