[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Jeff's Side of the Story.
On Wed, Jul 02, 1997 at 11:53:56AM -0400, Ryan Anderson wrote:
> On Wed, 2 Jul 1997, Kent Crispin wrote:
>
> > The non-deterministic retention time in the network could probably be
> > solved, but at the expense of some significant complexity. I have
> > not been able to think of a secure way to do it, however. [If the
> > remailers know and trust each other, the problem is easy.]
>
> Remailers using this could be configured to not modify the "date" header
> until final delivery. Then you can base the probablity of final delivery
> upon some function of date/time or another header
> "X-Remailer-Max-Delay-Time:" If you're worried about traffic analysis,
> it is possible to randomly modify the date/time header by small amounts
> at each hop. (This however only helps and somewhat loaded systems..)
The Evil One can always masquerade as the next to the last remailer,
with suitably altered date fields or whatever. I wasn't thinking in
terms of traffic analysis -- I was thinking in terms of guaranteeing
that the last remailer in the chain, the one that actually delivers
the message, cannot be predicted in advance.
The current remailer algorithm allows an evil user to cause a
particular remailer to be the source of Bad Stuff, which makes that
remailer a target of those who don't like the Bad Stuff. The basic
problem is that the end user is able to specify the remailer chain.
[Digital postage can't do much to solve this problem, BTW. The
offensiveness of a message is not measured by the postage.]
On the face of it, this seems like a relatively simple problem. The
current algorithm allows the end user to specify the final remailer
-- change it so that the final remailer is not under the end user's
control. The problem is, how does the final remailer know whether it
was chosen by the end user, or by another remailer who *used* to be the
final.
Incidentally, another useful modification of having the final
remailer forward one more time is this:
if( destination address is in my legal jurisdiction )then
with higher probability forward to another randomly chosen remailer
else
with lower probability forward to another remailer
endif
--
Kent Crispin "No reason to get excited",
[email protected] the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html