
Re: premail.



Anonymous wrote:
> 
> A scenario:
> 
> 1) The spooks put a bug (named Eve) on the link between
> kiwi.cs.berkeley.edu and the Internet.
> 
>    Whenever kiwi.cs.berkeley.edu sends out the pubring.pgp Eve intercepts
> it and replaces it with a file of the spooks' choosing. This file will
> selectively replace the public pgp keys of some of the remailers (say exon)
> in pubring.pgp with keys to which the spooks know the private key.
> 
> 2) A similar bug is put on the link between the exon remailer and the
> internet. All email to exon is intercepted, and if found to be encrypted
> with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's
> real PGP key and sent on.
> 
> It is only a scenario. I am still using premail to send this.
> 

A good scenario. A truly paranoid premail user should verify who signed
the remailer keys. If you trust the signators and they signed the keys, 
you are "safe". Just do pgp -kvv [email protected] and see what comes up.

Maybe remailer operators should ask someone reputable to sign their
remailers' keys so that the users can easily verify the signatures.

	- Igor.
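
The signer check suggested in the reply above, as an added example that is not part of the original message: it reports every key in a keyring listing that lacks a verified signature from a signer whose key ID was obtained out of band. It assumes GnuPG's `gpg --check-sigs --with-colons` output rather than the PGP 2.x `pgp -kvv` listing; the function name, key IDs and user IDs are constructed for illustration.

```python
# Added example: find keys with no verified signature from a pinned signer.
# Input format: text from `gpg --check-sigs --with-colons` (an assumption;
# the original message uses PGP 2.x `pgp -kvv`, which only lists signatures).

# 64-bit key IDs of signers whose keys were obtained out of band (constructed).
TRUSTED_SIGNERS = {"AAAAAAAAAAAAAAA1"}

# Constructed sample listing: three remailer keys with different signers.
SAMPLE = """\
pub:-:1024:1:1111111111111111:820454400:::-:::scESC:
uid:-::::820454400::::Remailer One <remailer1@example.org>:
sig:!::1:1111111111111111:820454400::::Remailer One <remailer1@example.org>:13x:
sig:!::1:AAAAAAAAAAAAAAA1:820540800::::Trusted Introducer <intro@example.org>:10x:
pub:-:1024:1:2222222222222222:820454400:::-:::scESC:
uid:-::::820454400::::Remailer Two <remailer2@example.org>:
sig:!::1:2222222222222222:820454400::::Remailer Two <remailer2@example.org>:13x:
sig:-::1:AAAAAAAAAAAAAAA1:820540800::::Trusted Introducer <intro@example.org>:10x:
pub:-:1024:1:3333333333333333:820454400:::-:::scESC:
uid:-::::820454400::::Remailer Three <remailer3@example.org>:
sig:!::1:3333333333333333:820454400::::Remailer Three <remailer3@example.org>:13x:
sig:!::1:BBBBBBBBBBBBBBB2:820540800::::Unknown Signer <who@example.org>:10x:
"""


def unvouched_keys(colon_text, trusted):
    """Return {key_id: user_id} for keys no trusted signer has verifiably signed."""
    names, vouched, current = {}, set(), None
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            current = f[4]                      # field 5: key ID of this key
            names[current] = ""
        elif f[0] == "uid" and current and len(f) > 9 and not names[current]:
            names[current] = f[9]               # field 10: first user ID
        elif f[0] == "sig" and current and len(f) > 4:
            signer = f[4]                       # field 5: key ID of the signer
            # Count a signature only if gpg verified it ("!"), it is not a
            # self-signature, and the signer is in the pinned set. A listed
            # signature that fails verification ("-") proves nothing.
            if f[1].startswith("!") and signer != current and signer in trusted:
                vouched.add(current)
    return {k: u for k, u in names.items() if k not in vouched}


if __name__ == "__main__":
    for key_id, uid in unvouched_keys(SAMPLE, TRUSTED_SIGNERS).items():
        print(f"no trusted signature: {key_id} {uid}")
```

The pinned signer IDs have to reach the user by a channel other than the one that delivered the keyring, otherwise a substituted keyring can carry its own signers.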