
Risks of using usually-reliable information sources in your programs




I've been thinking about building remailers and cover-traffic generators,
and there's a need for a convenient up-to-date list of remailers.
Raph Levien's remailer pinging service is definitely convenient,
and even produces some of its output in perl for use by perl programs.
However, it's important to be really careful when depending on information 
like this, e.g. when building it into programs, because otherwise it's
easy to trick them into using bogus data, such as the crudely forged
article sent to Cypherpunks earlier today.  The natural implementation is
to pick the more reliable remailers based on "Raph"'s statistics,
so adding records for very reliable bogus remailers is a win.

The security would be improved if Raph signed the weekly file,
but that also requires people using the file to check it with PGP
and not just grep out the relevant lines for their programs' use.

>X-Sender: [email protected]
>X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32)
>Date: Sun, 05 Oct 1997 18:06:56 -0700
>To: [email protected]
>From: Raph Levien <[email protected]>
>Subject: List of reliable remailers
>Sender: [email protected]
>Reply-To: Raph Levien <[email protected]>
>X-Loop: [email protected]
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>ADVERTISEMENT: Proudly Sponsored by the Electronic Forgery Foundation, 
>http://www.eff.com
>ADVERTISEMENT: Digicash Software - Download Today!  http://www.digicrime.com
>
>   I operate a remailer pinging service which collects detailed
>information about remailer features and reliability.
....
>recovery [email protected]        ############     0:01  99.99%
>payswell [email protected]           ############     0:01  99.99%
>trustme  [email protected]          ************     0:59  99.99%
>mulder   [email protected]                  #*#*##*#*#*#     0:57  99.98%


				Thanks!
					Bill
Bill Stewart, [email protected]
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
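
The check described in the message (verify the signed file with PGP, then read rows only from the verified text instead of grepping the raw file), as an added example that is not part of the original post or of the pinging service. It assumes GnuPG is installed as `gpg`; the pinned fingerprint, the sample status line and the sample remailer row are constructed placeholders.

```python
import re
import subprocess

# Assumption: placeholder fingerprint of the list signer, obtained out of band.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
# name, address, history, latency, uptime (layout of the rows quoted above)
STAT_LINE = re.compile(
    r"^(\S+)\s+(\S+@\S+)\s+(\S+)\s+(\d+(?::\d+)+)\s+(\d+\.\d+)%\s*$")
# Constructed sample data, not real gpg output or real remailers.
SAMPLE_STATUS = ("[GNUPG:] VALIDSIG " + PINNED_FPR +
                 " 1997-10-05 876099999 0 4 0 1 2 01 " + PINNED_FPR)
SAMPLE_LIST = "alpha  remailer@alpha.example.invalid  ####**##  0:01  99.99%"

def signer_ok(status_text, pinned=PINNED_FPR):
    """True only if gpg's status output shows a valid signature by the
    pinned key and no bad, expired or unverifiable signature."""
    valid = False
    for line in status_text.splitlines():
        fields = line.split()
        if not line.startswith("[GNUPG:] ") or len(fields) < 2:
            continue
        if fields[1] in ("BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
            return False
        # Last VALIDSIG field is the primary key fingerprint; absent = no match.
        if fields[1] == "VALIDSIG" and fields[-1].upper() == pinned:
            valid = True
    return valid

def parse_stats(signed_text):
    """Parse rows only from text gpg emitted as covered by the signature."""
    rows = {}
    for line in signed_text.splitlines():
        m = STAT_LINE.match(line)
        if m:
            rows[m.group(1)] = (m.group(2), float(m.group(5)))
    return rows

def load_verified(path):
    """Verify the clearsigned file, then parse gpg's output, never the raw file."""
    p = subprocess.run(
        ["gpg", "--batch", "--no-tty", "--status-fd", "2",
         "--output", "-", "--decrypt", path],
        capture_output=True, text=True, errors="replace")
    if p.returncode != 0 or not signer_ok(p.stderr):
        raise ValueError("remailer list is not signed by the pinned key")
    return parse_stats(p.stdout)

if __name__ == "__main__":
    print(signer_ok(SAMPLE_STATUS), parse_stats(SAMPLE_LIST))
```

Pinning the fingerprint matters as much as checking the signature: a file validly signed by some other key in the keyring is rejected, and so is a file with no signature at all.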