[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: premail.
Anonymous wrote:
>
> A scenario:
>
> 1) The spooks put a bug (named Eve) on the link between
> kiwi.cs.berkeley.edu and the Internet.
>
> Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts
> it and replaces it with a file of the spooks' choosing. This file will
> selectively replace the public pgp keys of some of the remailers (say exon)
> in pubring.pgp with keys to which the spooks know the private key.
>
> 2) A similar bug is put on the link between the exon remailer and the
> internet. All email to exon is intercepted, and if found to be encrypted
> with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's
> real PGP key and sent on.
>
> It is only a scenario. I am still using premail to send this.
>
A good scenario. A truly paranoid premail users should verify who signed
the remailer keys. If you trust the signators and they signed the keys,
you are "safe". Just do pgp -kvv [email protected] and see what comes up.
Maybe remailer operators should asks someone reputable to sign their
remailers' keys so that the users can easily verify the signatures.
- Igor.