[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: premail.

To: [email protected]
Subject: Re: premail.
From: [email protected] (Igor Chudov @ home)
Date: Tue, 31 Dec 1996 01:18:01 -0600 (CST)
Organization: Bool Sheet Software
Reply-To: [email protected] (Igor Chudov)
Sender: [email protected]

Anonymous wrote:
> 
> A scenario:
> 
> 1) The spooks put a bug (named Eve) on the link between
> kiwi.cs.berkeley.edu and the Internet.
> 
>    Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts
> it and replaces it with a file of the spooks' choosing. This file will
> selectively replace the public pgp keys of some of the remailers (say exon)
> in pubring.pgp with keys to which the spooks know the private key.
> 
> 2) A similar bug is put on the link between the exon remailer and the
> internet. All email to exon is intercepted, and if found to be encrypted
> with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's
> real PGP key and sent on.
> 
> It is only a scenario. I am still using premail to send this.
> 

A good scenario. A truly paranoid premail users should verify who signed
the remailer keys. If you trust the signators and they signed the keys, 
you are "safe". Just do pgp -kvv [email protected] and see what comes up.

Maybe remailer operators should asks someone reputable to sign their
remailers' keys so that the users can easily verify the signatures.

	- Igor.

Follow-Ups:
- Re: premail.
  - From: Rich Graves <[email protected]>

Prev by Date: RE: (Fwd) Re: Mr. May's Posts. Other Things.
Next by Date: Re: (Fwd) Re: Mr. May's Posts. Other Things.
Prev by thread: Re: premail.
Next by thread: Re: premail.
Index(es):
- Date
- Thread